Forum Discussion

Nimbostratus

Jul 15, 2015

Updating attack signatures (best practice)

Is there anyone here that can share their experience(s) regarding the updating (severely)out of date attack signatures with ASM. I inherited ASM management and running 11.4.1 Can attack sig...

MVP

Jul 16, 2015

no, you update all signatures at once, not per asm policy. the effect within an asm policy depends on the settings for that policy and as long as you use signature staging no signature will have a direct effect. on the other side some currently enforced signature will be taken out of enforcement and put into staging.

a lot depends on the backing you get from higher up. do they want top security then update en just enforce directly. might cause some extra false positives but will certainly give better protection. if they want to be more careful with unneeded block, update and watch the manual traffic learning to look at the hit signatures in staging. after a week enforce everything without hits and work on the ones with hits.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Updating attack signatures (best practice)

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform LTM provider - ICMP disabled on resulting VIPs

Need to make 2 Virtual Appliance in r4600 F5

Disabling signature for a URL

XC - geo LB to the origin servers

F5 LACP

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Five Ways to Automate F5OS with Ansible: A Practical Guide

NGINX App Protect v5 Signature Notifications

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS