Forum Discussion
Multiple ASM Attack Signature Sets Applied to a Policy
> When I look at the list of all the signatures applied to a specific policy, is there a way of telling which "attack signature set" an individual attack signature belongs to?
If you expand the Signature, you can see the Set it has been assigned from:
> If an attack signature belongs to two signature sets which are applied to my policy, is it possible that a specific signature is in one state in attack signature set "A" and another state in attack signature set "B"? As an example if an attack signature is set to staging in set "A" and set to enforced in set "B", what happens? If that is possible, which setting takes precedence?
The most restrictive setting applies - in the above, *High Accuracy Signatures* is set to **Learn**, while *Generic Detection Signatures* is set to **Learn, Alarm and Block**.
You can see that the signature has the most restrictive setting **Learn, Alarm, and Block**.
> Is there an easy way to identify those attack signatures that are assigned to two or more signature sets within the policy? Is there a filter that can identify those?
Not that I can find.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com