Forum Discussion

Arthur_7109's avatar
Arthur_7109
Icon for Nimbostratus rankNimbostratus
Aug 29, 2012

Enabling signature staging only for new updates

Hi there,

 

 

We have several ASM security policies in blocking mode, with the attack signatures set to blocking, and disabled some that were causing false positives.

 

 

We have disabled "Signature Staging".

 

 

Now we want to update the signatures, and have the new and modified ones in staging, while keeping the others in blocking mode, so no staging.

 

 

That requires enabling staging, but then all signatures are put in staging mode (this is before doing the sig update).

 

 

I can workaround that by going to the traffic learning page and "Attack Signature Staging", and manually enforce the signatures.

 

 

When after that I update the signatures, only the new/changed ones are in staging, like I wanted.

 

 

But this is cumbersome, and I have some 60 such policies.

 

 

Is there a better way to achieve this? Enabling signature staging only for new updates, so not putting all existing sigs in staging?

 

 

This is for ASM version 9.4 but that may not matter much. And I'll need to do it in version 10.2 later anyway.

 

 

Thanks,

 

 

Arthur

 

No RepliesBe the first to reply