Forum Discussion

simon_kwon's avatar
simon_kwon
Icon for Altostratus rankAltostratus
Aug 02, 2023

export "ready to be enforced" signature list

Hi there,

We have tried to export/list the "ready to be enforced" signatures for our team.

I have tried to find it through MySQL, but I cannot find it on here.

 

Is there any way to find it?

security
signatures
  • simon_kwon's avatar
    simon_kwon
    Aug 03, 2023

    Not to use the GUI, I found the other method to list the "ready to be enforced" signatures

    This is the way to do with iControl:

     

     

    restcurl -u admin:[password] "/tm/asm/policies/[Policy ID]/signatures?\$select=&\$filter=enabled+eq+true+and+performStaging+eq+true+and+wasUpdatedWithinEnforcementReadinessPeriod+eq+false+and+hasSuggestions+eq+false+and+inPolicy+eq+true"

    with this API call, signature IDs can be listed.

  • CA_Valli's avatar
    CA_Valli
    Icon for MVP rankMVP
    Aug 02, 2023

    Enforcement readiness is a per-policy behavior.
    Easiest way to find it will be in the GUI: move to Security > Policies > Policy List > (policy name) > Attack Signatures  menu, and filter Status: Ready to be enforced.

     

    Or, in older versions, move to the Application Security > Attack Signatures menu, select the intended policy from the drop-down menu, then expand the Advanced Filter and select "Ready to be enforced" for Staging. 

     

    This method does not allow you to export the list, sadly.
    You can check this thread however, where the pinned answer is a script that automates policy installation and it uses the API functions of the BIG-IP to query it for the enforcement-ready entities of every policy. 

    It will require some tuning but it's a very good start IMO. 

  • simon_kwon's avatar
    simon_kwon
    Icon for Altostratus rankAltostratus
    Aug 03, 2023

    Not to use the GUI, I found the other method to list the "ready to be enforced" signatures

    This is the way to do with iControl:

     

     

    restcurl -u admin:[password] "/tm/asm/policies/[Policy ID]/signatures?\$select=&\$filter=enabled+eq+true+and+performStaging+eq+true+and+wasUpdatedWithinEnforcementReadinessPeriod+eq+false+and+hasSuggestions+eq+false+and+inPolicy+eq+true"

    with this API call, signature IDs can be listed.

  • SV2022's avatar
    SV2022
    Icon for Cirrus rankCirrus
    Aug 01, 2024

    password to be replaced,but whats the policy ID ..i gave the policy name it is not working

    • simon_kwon's avatar
      simon_kwon
      Icon for Altostratus rankAltostratus
      Aug 05, 2024

      Hi,

       

      You should export Policy ID with other restcurl commandline as a below:

      restcurl -u admin:[password] "/tm/asm/policies/?\$select=id,versionPolicyName,enforcementMode"

       

      you should use that ID to control ASM policy with API.