Forum Discussion

Nimbostratus

Jul 15, 2015

Updating attack signatures (best practice)

Is there anyone here that can share their experience(s) regarding the updating (severely)out of date attack signatures with ASM. I inherited ASM management and running 11.4.1 Can attack sig...

Employee

Jul 16, 2015

You may have quite a few new signatures added to the attack signature pool after you update because they are cumulative. By default, ASM should place all newly added attack signatures into staging. That way, if your policy is in blocking mode, a triggered signature will not block the request, and you have time to deal with false positives. Before you update, ensure that the Signature Staging option (on the Attack Signatures Configuration screen) for the overall policy is enabled. If Signature Staging for the overall policy is not enabled, you run the risk of enforcing all signatures as soon as you add them. If the policy is blocking mode, and an enforced signature is triggered, the request will be blocked.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Updating attack signatures (best practice)

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform LTM provider - ICMP disabled on resulting VIPs

Need to make 2 Virtual Appliance in r4600 F5

Disabling signature for a URL

XC - geo LB to the origin servers

F5 LACP

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Five Ways to Automate F5OS with Ansible: A Practical Guide

NGINX App Protect v5 Signature Notifications

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS