Forum Discussion
How to Apply Existing Attack Signature Set to an ASM Policy using iControl REST API
Hello,
I am trying to use the iControl REST API interface in order to automatically and programmatically apply attack signature sets to all of our ASM Policies defined on our 11.6 device. Following the REST User Guide, I saw that it was possible to create new resources for a given policy (there was an example using /mgmt/tm/asm/policies/MD5HASH/urls as the resource endpoint) and so I tried extending the same principle to /mgmt/tm/asm/policies/MD5HASH/signature-sets, as that appears to be the most appropriate endpoint in order to apply defined signature-sets to policies.
To illustrate further, issuing a GET request for signature-sets already applied to one of my ASM policies, I get the following as a response:
{
    "selfLink": "https://localhost/mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets",
    "kind": "tm:asm:policies:signature-sets:signature-setcollectionstate",
    "totalItems": 1,
    "items": [
        {
            "learn": false,
            "kind": "tm:asm:policies:signature-sets:signature-setstate",
            "alarm": true,
            "signatureSetReference": {
                "link": "https://localhost/mgmt/tm/asm/signature-sets/2ODl_CpPYisXJvG_0bmcEA"
            },
            "selfLink": "https://localhost/mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets/GLKMhVlZQFNsMbMRD1EtkQ",
            "id": "GLKMhVlZQFNsMbMRD1EtkQ",
            "block": false
        }
    ]
}
Based off the key/value pairs on display here, I extrapolated and structured my JSON POST payload as follows to try and add a different existing signature set to the same policy as above -- I deduced that "signatureSet" is the only required JSON key to add here based off the error output that I've been receiving from the REST API and the above signature-set payload:
{ "signatureSet": "iZvFXdIDR8lEbUdSWttwPQ" }
However, I keep getting a 500 error from the REST API stating the following error message error_message:Could not parse/validate the Policy Signature Set. Can\'t use string ("iZvFXdIDR8lEbUdSWttwPQ") as a HASH ref while "strict refs" in use. I don't quite understand what I'm doing wrong here -- is the signature set ID value not the appropriate value to provide here? The REST API Guide hasn't been too helpful as it does not provide signature-set POST sample requests.
Appreciate any help and clarification here! Thanks!
3 Replies
- Arnaud_Lemaire
Employee
Hi, if you want to add a signature-set, you need to POST to /mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets your signature set defined as:
{ "learn": false, "alarm": true, "signatureSetReference": {"link": "https://localhost/mgmt/tm/asm/signature-sets/2ODl_CpPYisXJvG_0bmcEA"}, "block": false }
where {"link": ""} is the link to your new signature-set.
- Oberschmidt
Nimbostratus
Is this still a valid way of adding signature sets to an ASM policy? I have this exact payload with my requests and am not getting a successful result.
Error 404 Client Error
message: could not add the policy signature set 'unamed, internal data inconsistency was detected'
Signature set is available and I can add manually with no issue.
Ah okay, excellent this worked! I think I tried specifying that signatureSetReference key at some point, but forgot to include the nested curly braces (also localhost name). Thanks a lot!
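The request from Arnaud_Lemaire's reply, as an added example that is not part of the original thread or F5's own code: it builds the POST body with the nested `signatureSetReference` object and skips sets the policy already has. The function names, the id character check and the host `bigip.example.com` are assumptions; authentication headers are left to the caller.

```python
import json
import re
import urllib.request

# Assumed id alphabet (matches the ids shown in the thread); keeps ids from altering the URL path.
ID_RE = re.compile(r"[A-Za-z0-9_-]+")

def build_payload(set_id, learn=False, alarm=True, block=False):
    """Body for POST /mgmt/tm/asm/policies/<policy_id>/signature-sets."""
    if not ID_RE.fullmatch(set_id):
        raise ValueError(f"unexpected signature set id: {set_id!r}")
    return {
        "learn": learn,
        "alarm": alarm,
        "block": block,
        # Must be an object holding a "link"; a bare id string is what gave
        # the "Can't use string ... as a HASH ref" 500 error in the question.
        "signatureSetReference": {
            "link": f"https://localhost/mgmt/tm/asm/signature-sets/{set_id}"
        },
    }

def attached_set_ids(collection):
    """Ids of sets already on the policy, from the GET .../signature-sets response."""
    return {item["signatureSetReference"]["link"].rsplit("/", 1)[-1]
            for item in collection.get("items", [])}

def build_request(host, policy_id, set_id, collection, headers=None):
    """Return the POST request, or None when the set is already attached."""
    if not ID_RE.fullmatch(policy_id):
        raise ValueError(f"unexpected policy id: {policy_id!r}")
    if set_id in attached_set_ids(collection):
        return None
    url = f"https://{host}/mgmt/tm/asm/policies/{policy_id}/signature-sets"
    body = json.dumps(build_payload(set_id)).encode()
    hdrs = {"Content-Type": "application/json", **(headers or {})}
    return urllib.request.Request(url, data=body, headers=hdrs, method="POST")

# Constructed sample: the GET response from the question, trimmed to the fields used.
SAMPLE = {"totalItems": 1, "items": [{
    "signatureSetReference": {
        "link": "https://localhost/mgmt/tm/asm/signature-sets/2ODl_CpPYisXJvG_0bmcEA"},
    "id": "GLKMhVlZQFNsMbMRD1EtkQ"}]}

if __name__ == "__main__":
    req = build_request("bigip.example.com", "tWE3e4F2jlpKH22mCw0I0Q",
                        "iZvFXdIDR8lEbUdSWttwPQ", SAMPLE)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Send the returned request with `urllib.request.urlopen` over a connection that verifies the device certificate, passing credentials through `headers` rather than embedding them in the script.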