The ASM regularly updates its attack signatures. Would those signatures include source IP addresses of known malicious actors? Or would those be sourced somewhere else within ASM?
No, It's a subscription service based on Webroot IP Reputation.
You can find more details on this service here : https://support.f5.com/csp/article/K13875