Threat campaign update

Question

What's the recommended way of updating threat campaign signatures? Auto or manual?&nbsp;
If it's set to auto, does new signatures from TC goes into staging or blocking immediately?&nbsp;

daniel_wolf · Answer

Hi&nbsp;spalande,&nbsp;
my recommended way is auto updates and blocking immediatley.TC are not as generic as attack signatures, they are signatures aiming to protect against a specific attack. For the reason that they are tailored to protect against a specific attack and not a "band aid" for a generic vulnerability, I don't expect false positives (and I never experienced a false positive). Also I want to have always the latest - my sleep schedule doesn't foresee waking up at 3 AM to manually patch against Log4Shell 🙂
KRDaniel

Forum Discussion

Threat campaign update

Recent Discussions

Can you set Kerberos AAA server via session variable?

HTML Code injection Not detected by ASM

What will be happen to live and existing connections when failover HA BIG IP active-standby

SSL Offload and remove FQDN

High CPU utilization (100%).

Related Content

Threat Campaigns

Scuba Gear from CISA, ROBLOX Malware Campaign, and RUST backdoo-rs

OWASP Automated Threats - OAT-001 Carding

Threat Campaigns Targeting Oracle WebLogic Servers (CVE-2020-14882)

Enriching AFM with public domain Threat Intelligence

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS