Forum Discussion

Nimbostratus

Oct 13, 2013

F5 ASM Attack Signature Update

what are best practices for attack signature updates ? automatic or manual ? Which frequency shall be better used if manual & if Automatic ?

security

nathe

Cirrocumulus

Oct 14, 2013

Yes, under Application Security, Policy, Policy, Properties there is a "Staging-Tightening Period" you can set. This defines the period in which any newly added signatures are placed in staging so, if triggered, just logs and doesn't block (even if policy mode is blocking). At the end of this period you can then enforce those sigs that haven't been triggered and/or make exceptions to any false positives that may have occurred on these new sigs (Policy Building - manual - Staging/tightening summary).

Also, you can choose to put updated sigs also in staging (check box when you do the update).

Hope this helps,

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)