Forum Discussion
Enr1g_219148
Nimbostratus
NimbostratusWhich attack signature sets does contain others?
My application is running on Apache Tomcat and there is one signature set with such name. Of course, I enabled it. The question is should I also enable sets referred to e.g. Apache, Java Servlets? Or maybe required signatures are containing in Apache Tomcat set already?
3 Replies
Here's an article that might give a little more info as well: https://devcentral.f5.com/articles/the-big-ip-application-security-manager-part-4-attack-signatures
Enr1g_219148Found a solution: "Security ›› Application Security : Attack Signatures : Attack Signatures List" then choose Advanced filter and by analyzing overlap after adding new set you can assume about relations between sets.
Thanks to boneyard for the idea.
- boneyard
MVP
should be easy enough to just check? check how many signature per set you enable and if there is overlap.
