Forum Discussion
Curious about the ASM Attack Signature Update
When I update signatures through ".im" files, some signatures are often deleted.
I thought the signatures to be deleted would be "risk : low" or "accuracy : low".
But their risk, their accuracy, was High or Medium.
What's the point of removing these signatures from F5?
I'm curious about the criteria for signature deletion.
Thank you.
Hi thekoreanhuy,
Looking at the ASM Signatures Release Notes, I see that six signatures have been removed in the last year. There are signatures with the same name but different ids, except "cmmd" signatures.
ASM-AttackSignatures_20240814_183003:
Deleted Information Leakage signature 200009311 for WordPress User Meta Information Disclosure (2)
ASM-AttackSignatures_20240530_071654:
Deleted Predictable Resource Location signature 200010472 for Joomla! webservice endpoint unauthorized access
ASM-AttackSignatures_20240507_152613:
Deleted Command Execution signature 200003079 for "cmmd" execution attempt
Deleted Command Execution signature 200003199 for "cmmd" execution attempt (Header)
Deleted Command Execution signature 200003200 for "cmmd" execution attempt (URI)
ASM-AttackSignatures_20231122_200704:
Deleted Server Side Code Injection signature 200004163 for PHP injection attempt (passthru)