Forum Discussion

Icon for Altocumulus rank

Altocumulus

Jul 04, 2023

BoT Defense Profile, Signature Enforcement

Recently, I implemented a BoT Defense/logging profile in transparent mode, expecting the profile to "learn" from the traffic generated by bots. During the initial "learning mode period," I hoped the ...

dbaimakov
Jul 11, 2023
Thank you everyone for your input, the issue seems to have resolved itself, the signagures must not have been staged long enough I suppose.

Icon for MVP rank

MVP

Jul 05, 2023

You can sign up to revieve email alerts when new bot signatures are available. You can also set to auto-update (or not). Please see the following:

https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-attack-and-bot-signatures-14-1-0/updating-attack-and-bot-signatures.html

That would at least help validate the frequency of updates, and if you are missing one.

By default, signatures are staged and log a match. You would need to set them to enforce to actually block.

https://techdocs.f5.com/en-us/bigip-14-1-0/big-ip-asm-attack-and-bot-signatures-14-1-0/assigning-bot-signatures-to-security-policies.html

Hope this helps a bit.

Recent Discussions

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming