For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

Boon_Khai_Tie_1's avatar
Boon_Khai_Tie_1
Icon for Nimbostratus rankNimbostratus
Jun 01, 2016

Enquiry on ASM Attack Signature Best Pratice

Hi, when i'm creating a security policy, attack signature is auto assigned based on the selected systems assigned.   It have other attack signature e.g. Cross Site Scripting, SQL Injection & etc. ...
ASM Advanced WAF
security
Arnaud_Lemaire's avatar
Arnaud_Lemaire
Icon for Employee rankEmployee
Jun 01, 2016

Hi Boon, don't hesitate to have a look to this great do, maybe you'll find some help : https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/f5-asm-operations-guide.html.

 

Quick comment on your question, when you created the security policy, during the wizard, ASM asked you to configure Attack signatures. In this step ASM proposed you various signature organized as system-set based on OS/application framework/language/DB. If during this steps you have selected SQL you already have in your policy injection related signatures.

 

the menu you display here is just another way to present signatures not system related but attack oriented.

 

What you could do first, is move the to second tab, attack signature list, which displays applied signatures to your policy, and filter based on "signature attack types", you will be able to see if signatures are already applied.