Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions

export "ready to be enforced" signature list

Go to solution
simon_kwon
Nimbostratus
Nimbostratus

‎02-Aug-2023 00:57

Hi there,

We have tried to export/list the "ready to be enforced" signatures for our team.

I have tried to find it through MySQL, but I cannot find it on here.

 

Is there any way to find it?

Labels:
0 Kudos
1 ACCEPTED SOLUTION

Go to solution
simon_kwon
Nimbostratus
Nimbostratus

‎02-Aug-2023 19:17

Not to use the GUI, I found the other method to list the "ready to be enforced" signatures

This is the way to do with iControl:

 

 

restcurl -u admin:[password] "/tm/asm/policies/[Policy ID]/signatures?\$select=&\$filter=enabled+eq+true+and+performStaging+eq+true+and+wasUpdatedWithinEnforcementReadinessPeriod+eq+false+and+hasSuggestions+eq+false+and+inPolicy+eq+true"

with this API call, signature IDs can be listed.

View solution in original post

3 REPLIES 3

Go to solution
CA_Valli
MVP
MVP

‎02-Aug-2023 03:15

Enforcement readiness is a per-policy behavior.
Easiest way to find it will be in the GUI: move to Security > Policies > Policy List > (policy name) > Attack Signatures  menu, and filter Status: Ready to be enforced.

CA_Valli_1-1690970926945.png

 

Or, in older versions, move to the Application Security > Attack Signatures menu, select the intended policy from the drop-down menu, then expand the Advanced Filter and select "Ready to be enforced" for Staging. 

CA_Valli_0-1690970650340.png

 

This method does not allow you to export the list, sadly.
You can check this thread however, where the pinned answer is a script that automates policy installation and it uses the API functions of the BIG-IP to query it for the enforcement-ready entities of every policy. 

It will require some tuning but it's a very good start IMO. 

Go to solution
simon_kwon
Nimbostratus
Nimbostratus

‎02-Aug-2023 19:17

Not to use the GUI, I found the other method to list the "ready to be enforced" signatures

This is the way to do with iControl:

 

 

restcurl -u admin:[password] "/tm/asm/policies/[Policy ID]/signatures?\$select=&\$filter=enabled+eq+true+and+performStaging+eq+true+and+wasUpdatedWithinEnforcementReadinessPeriod+eq+false+and+hasSuggestions+eq+false+and+inPolicy+eq+true"

with this API call, signature IDs can be listed.

Go to solution
jerrymark
Nimbostratus
Nimbostratus

‎01-Sep-2023 03:25

Wow, that's an amazing feat! I am grateful that you have shared this. It appeals to me.

0 Kudos
Copyright © 2023 Khoros, LLC