Forum Discussion

Nimbostratus

Jul 15, 2015

Updating attack signatures (best practice)

Is there anyone here that can share their experience(s) regarding the updating (severely)out of date attack signatures with ASM. I inherited ASM management and running 11.4.1 Can attack sig...

Altostratus

Feb 17, 2016

Umm... The last incident was observed on 11.6.1 HF6. The signature got detected was "src http: (Parameter) (2)". However the old signature exist was "src http: (Parameter)" without (2).

The updated signature i.e. "src http: (Parameter) (2)" automatically took place and followed the ASM Policies' action i.e. Blocking.

So I think this needs to get verified.

swo0sh_gt_13163

Altostratus

Aug 09, 2016

Hello Folks,

So this is confirmed. When you update ASM Signatures, newly updated signatures will never placed into Staging, even you click on the checkbox of "Place updated signatures in staging", it won't place the signature into staging.

This has been validated with F5 btw! The fix should be released in version 12.X as per the last update from F5.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Updating attack signatures (best practice)

AppWorld 2026: Save the Date and Join Our Community In Person!

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

Terraform LTM provider - ICMP disabled on resulting VIPs

Need to make 2 Virtual Appliance in r4600 F5

Disabling signature for a URL

XC - geo LB to the origin servers

F5 LACP

Related Content

AS3 Best Practice

F5 Certified Practice Exams

Five Ways to Automate F5OS with Ansible: A Practical Guide

NGINX App Protect v5 Signature Notifications

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS