For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

cxcal_18687's avatar
cxcal_18687
Icon for Nimbostratus rankNimbostratus
Jul 15, 2015

Updating attack signatures (best practice)

Is there anyone here that can share their experience(s) regarding the updating (severely)out of date attack signatures with ASM.   I inherited ASM management and running 11.4.1   Can attack sig...
ASM Advanced WAF
deployment
security
swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Feb 17, 2016

Umm... The last incident was observed on 11.6.1 HF6. The signature got detected was "src http: (Parameter) (2)". However the old signature exist was "src http: (Parameter)" without (2).

 

The updated signature i.e. "src http: (Parameter) (2)" automatically took place and followed the ASM Policies' action i.e. Blocking.

 

So I think this needs to get verified.

 

swo0sh_gt_13163's avatar
swo0sh_gt_13163
Icon for Altostratus rankAltostratus
Aug 09, 2016

@Hannes Rapp, Well, that was rude. This community is built to exchange information and knowledge. And I don't see any issue putting that comment out there. I shared it because I got an update, and it might help others.

 

So better sharing your personal view and respect all the contributors to the community.