Signature sets precedence for ASM Policy

Question

Had a query on signature sets on ASM Policy.  In my Policy Attack Signature Configuration, i can see multiple groups based on which i can select either to learn, alarm or block.  Basically i want to tune my policies as all of the signature sets are currently on block mode.  If i want to disable just the OWA Signatures and set it to Alarm only. Should i be disabling block for "All Signatures" as well and select Attack specific signatures sets. Will enabling block for "All signatures" override the "OWA signatures" Learn only setting?
Wanted to know the precedence of applying signature based checks.&nbsp;
&nbsp;

nathe · Answer

sk, signatures may be in more than one Set. If you want to tune then suggest the policy is in Transparent mode, as this overrides Blocking configuration on the attack signatures (as well as other violations too I might add).

Forum Discussion

Signature sets precedence for ASM Policy

Recent Discussions

Background Tasks

Which process is consuming higher CPU

SSL bridging without SSL proxy forward

Big-IP VE edition for MacBook M4 Chip

Client SSL Profile set to Require Client Certificate breaks RDP in APM

Related Content

Access policy, LTM policy and iRules

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 4 - Policy Lifecycle management)

Manage F5 BIG-IP Advanced WAF Policies with Terraform (Part 2 - Policy Import)

Wildcard Parameter signature attack

Evaluate WAF Policy with BIG-IQ Policy Analyzer

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS