How to check if a user disabled signatures in ASM

Question

I was reviewing my ASM policies and for my main ASM policy I saw there were 3k+ signatures in the 'Ready To Be Enforced" column, which is a large very number and very odd as usually when F5 pushes out a signature update, I see a handful that I need to enforce.

Is there a way to check to see if a user disabled signatures for an ASM policy?

Thx

lidev · Answer

Hello JeffRW,&nbsp;Yes it's possible, play with the custom filter in Security&nbsp;››&nbsp;Application Security : Attack Signatures, then Show Filter Details and Enabled filter to NOHowever, it only shows signature attacks disabled at the global level not on explicit entities.

jeffrw · Answer

Thx for the reply. I'm looking for a way to see if a user disabled signatures. Does F5 have a log file with the level of granularity that tracks this?&nbsp;Thx&nbsp;

Forum Discussion

How to check if a user disabled signatures in ASM

Recent Discussions

Can i apply ddos profile on virtual server using port range

I used the wrong email account when take Application Delivery Exam (101)

F5 iControl REST API - viewBy Parameter Issue in Analytics Report

'F5 rules for AWS WAF' ruleset not working for jsp web shell attack

Disable ssl or https for the embed url

Related Content

ASM irule to disable attack signature authorization header with specific value

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Check a Virtual Server's SSL Status

Disable certificate revocation checking

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS