Enquiry on ASM Attack Signature Best Pratice

Question

Hi, when i'm creating a security policy, attack signature is auto assigned based on the selected systems assigned.&nbsp;
It have other attack signature e.g. Cross Site Scripting, SQL Injection &amp; etc. Do it need to manually add them in? What are the best recommended practice?&nbsp;
&nbsp;

arnaud_lemaire · Answer

Hi Boon, don't hesitate to have a look to this great do, maybe you'll find some help : https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.html.&nbsp;
Quick comment on your question, when you created the security policy, during the wizard, ASM asked you to configure Attack signatures. In this step ASM proposed you various signature organized as system-set based on OS/application framework/language/DB. If during this steps you have selected SQL you already have in your policy injection related signatures.&nbsp;
the menu you display here is just another way to present signatures not system related but attack oriented.&nbsp;
What you could do first, is move the to second tab, attack signature list, which displays applied signatures to your policy, and filter based on "signature attack types", you will be able to see if signatures are already applied.&nbsp;

Forum Discussion

Enquiry on ASM Attack Signature Best Pratice

1 Reply

F5 Container Ingress Services (CIS) and using k8s traffic policies to send traffic directly to pods

F5 Architecture Track Sessions - AppWorld 2026

Recent Discussions

error code 503 redirect irule

Curl 7.10.5 < 8.12.0 Integer Overflow (CVE-2025-0725)

OWA File Upload URIs for WAF Bypass

F5 AWAF/ASM learning only from Trusted traffic?

F5OS VLAN naming length restrictions

Related Content

November Security Research Update: Newly Released Attack Signatures

NGINX App Protect v5 Signature Notifications

Custom Attack Signatures

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Disabling signature for a URL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS