Which attack signature sets does contain others?

Question

My application is running on Apache Tomcat and there is one signature set with such name. Of course, I enabled it. The question is should I also enable sets referred to e.g. Apache, Java Servlets? Or maybe required signatures are containing in Apache Tomcat set already?

boneyard · Answer

should be easy enough to just check? check how many signature per set you enable and if there is overlap.

enr1g_219148 · Answer

Found a solution: "Security ›› Application Security : Attack Signatures : Attack Signatures List" then choose Advanced filter and by analyzing overlap after adding new set you can assume about relations between sets.&nbsp;
Thanks to boneyard for the idea.&nbsp;

ltwagnon · Answer

Here's an article that might give a little more info as well:  https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-4-attack-signatures&nbsp;

Forum Discussion

Which attack signature sets does contain others?

Recent Discussions

Client SSL Profile set to Require Client Certificate breaks RDP in APM

TS Declarations for DNS

APM file and registry key date check 8 days old

SSL bridging without SSL proxy forward

Should config via cli rather than gui?

Related Content

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

BoT Defense Profile, Signature Enforcement

Wildcard Parameter signature attack

Live Update- ASM attack signatures

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS