Forum Discussion
Exporting a full list of Attack Sigantures
Hi. I am looking to export a full list of the current signatures I have in blocking mode. If possible, I would like to separate these lists in to their signature sets.
If I navigate to "Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets" then I can view the different signature set types. Let's take the High Accuracy Signatures for instance. If I click on those, I get a list of signatures that are a part of that set, but I cannot copy and paste them.
I have people asking me for a list of these signatures so I am hoping there is an easy way to extract these. They want to be able to share it within their team to show what the WAF is doing for them, and what it is blocking so they can test it out for themselves.
Is it a possibility that a file exists in the console that I can pull down through WinSCP that has a list of these?
Similarly if I go to "Security ›› Application Security : Attack Signatures" I would like to be able to export the full list of 2857 signatures I have for this policy.
Thanks.
- suttonscEmployee
I've used a similar export in v13 via the Rest API. Not to get the signatures per signature set, but all signatures from policies in blocking.
Specifically getting the attack signature sets to correlate to the signatures assigned to the blocking policy would require some additional logic and leg work.
API endpoints:
-
You can find policies in Blocking:
API endpoint: https://$target_ip/mgmt/tm/asm/policies
-
Signature sets for those policies:
API endpoint: https://$target_ip/mgmt/tm/asm/policies//signature-sets
-
Signatures for the policies:
API endpoint: https://$target_ip/mgmt/tm/asm/policies//signatures?\$expand=signatureReference
-
- Peter_Silva_123Historic F5 Account
Hi Nick~
I believe you can only export user-defined attack signatures.
Here's the chapter on Importing and Exporting Security Policies (not sure of your version):
and
The chapter on Working with Attack Signatures:
In the 2nd link, at the bottom of the page it gives the steps to export all user-defined attack signatures.
I know not exactly what you need but hope it helps.
ps
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com