For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

mkeenan_289714's avatar
mkeenan_289714
Icon for Nimbostratus rankNimbostratus
Oct 09, 2016

Copying System-Supplied Attack Signatures for Modification

Is it possible to copy a System-Supplied Attack Signature so that I can modify the copied signature and apply it to a custom Signature Set?   For example - While in staging, a System-Supplied Att...
ASM Advanced WAF
security
Leonardo_Souza's avatar
Leonardo_Souza
Icon for Cirrocumulus rankCirrocumulus
Oct 09, 2016

I don't think you will be able to view the content of the signatures. If you download the signature from downloads.f5.com, you will see that the signatures are encrypted. If you open the file with a zip software, and you find the file /RPMS/packages/current_sigfile.enc.

 

Not sure if the signatures are saved in the /usr/shared/ts, or in the mysql database. Anyway, if the file is encrypted in downloads.f5.com, I doubt it will be in clear text in the system. It will probably be in clear text in RAM, but that is too advanced to get. :P