Forum Discussion
mister_paul_717
Nimbostratus
Nimbostratusmanaging signatures
Hey everyone,
I'm trying to find a way to manage our signatures better, because the way I'm currently trying to do it seems wrong.
Background: We currently have 2 signature sets we use...
hoolio
Cirrostratus
CirrostratusHi Paul,
That's an interesting methodology. In ASM policies for large applications, we typically keep all of the attack signatures in a single set and just enable those that don't generate any false positives in the initial period the policy is in transparent mode in the live environment.
I don't think there is a simple, supported way to move attack sigs from one set to another other than via the GUI. You might be able to do this (easily?) by modifying the MySQL database, but that would be unsupported and could be very specific to each ASM version.
How would you ideally like to be able to "move" a group of signatures from one set to another? You could open a case with F5 Support and describe this use case.
Aaron
