Forum Discussion
AltostratusCurious about the ASM Attack Signature Update
When I update signatures through ".im files", some signatures were often deleted.
I thought the signatures to be deleted would be "risk : low" or "accuracy : low".
But their risk, their accuracy, was High or Medium.
What's the point of removing these signatures from F5?
I'm curious about the criteria for signature deletion.
Thank you.
3 Replies
Hi thekoreanhuy,
Looking at the ASM Signatures Release Notes, I see that six signatures have been removed in the last year. There are signatures with the same name but different ids, except "cmmd" signatures.
ASM-AttackSignatures_20240814_183003:
Deleted Information Leakage signature 200009311 for WordPress User Meta Information Disclosure (2)ASM-AttackSignatures_20240530_071654:
Deleted Predictable Resource Location signature 200010472 for Joomla! webservice endpoint unauthorized accessASM-AttackSignatures_20240507_152613:
Deleted Command Execution signature 200003079 for "cmmd" execution attempt
Deleted Command Execution signature 200003199 for "cmmd" execution attempt (Header)
Deleted Command Execution signature 200003200 for "cmmd" execution attempt (URI)ASM-AttackSignatures_20231122_200704:
Deleted Server Side Code Injection signature 200004163 for PHP injection attempt (passthru)
thekoreanguyWhat you mean is that the signature to be deleted is due to duplication?
Hi,
Probably, the removed signatures are not needed because of other signatures. You can open a case to support for more information. There is no explanation or article on why the signatures were removed.
