Curious about the ASM Attack Signature Update

Question

When I update signatures through ".im files", some signatures were often deleted.

I thought the signatures to be deleted would be "risk : low" or "accuracy : low".

But their risk, their accuracy, was High or Medium.

What's the point of removing these signatures from F5?

I'm curious about the criteria for signature deletion.

Thank you.

enes_afsin_al · Answer

Hi thekoreanhuy,
Looking at the ASM Signatures Release Notes, I see that six signatures have been removed in the last year. There are signatures with the same name but different ids, except "cmmd" signatures.

ASM-AttackSignatures_20240814_183003:Deleted Information Leakage signature 200009311 for WordPress User Meta Information Disclosure (2)
ASM-AttackSignatures_20240530_071654:Deleted Predictable Resource Location signature 200010472 for Joomla! webservice endpoint unauthorized access
ASM-AttackSignatures_20240507_152613:Deleted Command Execution signature 200003079 for "cmmd" execution attemptDeleted Command Execution signature 200003199 for "cmmd" execution attempt (Header)Deleted Command Execution signature 200003200 for "cmmd" execution attempt (URI)
ASM-AttackSignatures_20231122_200704:Deleted Server Side Code Injection signature 200004163 for PHP injection attempt (passthru)

Forum Discussion

Curious about the ASM Attack Signature Update

Recent Discussions

Issue while migrating config from 4000s to r4600

Rseries SCP OS to appliance from remote server

Curious about the ASM Attack Signature Update

TACACS not working with F5OS

Application redirection

Related Content

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Wildcard Parameter signature attack

Live Update- ASM attack signatures

Default Attack Signature Sets

The HTTP/2 CONTINUATION frame attack

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS