For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

JeffRW's avatar
JeffRW
Icon for Altocumulus rankAltocumulus
Aug 01, 2019

How to check if a user disabled signatures in ASM

I was reviewing my ASM policies and for my main ASM policy I saw there were 3k+ signatures in the 'Ready To Be Enforced" column, which is a large very number and very odd as usually when F5 pushes out a signature update, I see a handful that I need to enforce.

 

Is there a way to check to see if a user disabled signatures for an ASM policy?

 

Thx

2 Replies

  • Lidev's avatar
    Lidev
    Icon for Nacreous rankNacreous
    Aug 01, 2019

    Hello JeffRW,

     

    Yes it's possible, play with the custom filter in Security ›› Application Security : Attack Signatures, then Show Filter Details and Enabled filter to NO

    However, it only shows signature attacks disabled at the global level not on explicit entities.

    • JeffRW's avatar
      JeffRW
      Icon for Altocumulus rankAltocumulus
      Aug 01, 2019

      Thx for the reply. I'm looking for a way to see if a user disabled signatures. Does F5 have a log file with the level of granularity that tracks this?

       

      Thx