ASM attack signatures

THE_BLUE
Cirrus

What do ASM attack signatures cover?

Will all types of attacks be blocked by ASM, or does it cover only a limited level of vulnerabilities? And why is there no attack signature from F5 for some CVEs?

Are there certain standards for ASM to deal with specific types of attacks?

1 ACCEPTED SOLUTION

Erik_Novak
F5 Employee

You do not have to add all sets to the policy. When you create the policy using the deployment wizard, you can specify server technologies during policy creation. That will assign attack signatures for each server technology immediately. Alternatively, you can go to the Learning and Blocking Settings page, and select Enable Server Technology Detection in the Server Technologies section. That will take a bit more time but then you will see learning suggestions to add the discovered server technologies/attack signatures.


4 REPLIES 4

Erik_Novak
F5 Employee

Attack signatures are complex regular expressions which cover all known malicious input strings--think of SQL commands, Unix command line strings, etc. which can be sent to an application to probe for vulnerabilities or to mount an attack against a server or application. Attack signatures are written to address known threats against common server technologies such as Windows OS, Unix/Linux, PHP, MongoDB, and many more. There are layers of redundancy in F5-supplied attack signatures and they are extremely effective. CVEs are a little bit different, because they are transient attacks when compared with well understood historical attacks such as any sort of code injection. CVEs are addressed by Threat Campaigns in F5 Advanced WAF. Threat campaigns are extremely accurate relatives of attack signatures but focus on defeating the precise threat defined in the CVE.

Dear Erik,

Thanks for your input.

So can we say ASM can block attacks at the server level based on server technology?

By default, F5 adds attack signatures to the policy based on the learning stage, so is that enough? Or do we have to add all sets to the policy?

Erik_Novak
F5 Employee

You do not have to add all sets to the policy. When you create the policy using the deployment wizard, you can specify server technologies during policy creation. That will assign attack signatures for each server technology immediately. Alternatively, you can go to the Learning and Blocking Settings page, and select Enable Server Technology Detection in the Server Technologies section. That will take a bit more time but then you will see learning suggestions to add the discovered server technologies/attack signatures.

Dear Erik,

Many thanks.