Forum Discussion

Joel01_143311
Apr 17, 2015

How to Apply Existing Attack Signature Set to an ASM Policy using iControl REST API

Hello,

I am trying to use the iControl REST API interface in order to automatically and programmatically apply attack signature sets to all of our ASM Policies defined on our 11.6 device. Following the REST User Guide, I saw that it was possible to create new resources for a given policy (there was an example using /mgmt/tm/asm/policies/MD5HASH/urls as the resource endpoint) and so I tried extending the same principle to /mgmt/tm/asm/policies/MD5HASH/signature-sets, as that appears to be the most appropriate endpoint in order to apply defined signature sets to policies.

To illustrate further, issuing a GET request for signature-sets already applied to one of my ASM policies, I get the following as a response:

{
  "selfLink": "https://localhost/mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets",
  "kind": "tm:asm:policies:signature-sets:signature-setcollectionstate",
  "totalItems": 1,
  "items": [
    {
      "learn": false,
      "kind": "tm:asm:policies:signature-sets:signature-setstate",
      "alarm": true,
      "signatureSetReference": {
        "link": "https://localhost/mgmt/tm/asm/signature-sets/2ODl_CpPYisXJvG_0bmcEA"
      },
      "selfLink": "https://localhost/mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets/GLKMhVlZQFNsMbMRD1EtkQ",
      "id": "GLKMhVlZQFNsMbMRD1EtkQ",
      "block": false
    }
  ]
}

Based off the key/value pairs on display here, I extrapolated and structured my JSON POST payload as follows to try and add a different existing signature set to the same policy as above -- I deduced that "signatureSet" is the only required JSON key to add here based off the error output that I've been receiving from the REST API and the above signature-set payload:

{ "signatureSet": "iZvFXdIDR8lEbUdSWttwPQ" }

However, I keep getting a 500 error from the REST API stating the following error message:

error_message:Could not parse/validate the Policy Signature Set. Can\'t use string ("iZvFXdIDR8lEbUdSWttwPQ") as a HASH ref while "strict refs" in use.

I don't quite understand what I'm doing wrong here -- is the signature set ID value not the appropriate value to provide here? The REST API Guide hasn't been too helpful as it does not provide signature-set POST sample requests.

Appreciate any help and clarification here! Thanks!

2 Replies

  • Hi, if you want to add a signature-set, you need to POST to /mgmt/tm/asm/policies/tWE3e4F2jlpKH22mCw0I0Q/signature-sets your signature set, defined as:

    {
      "learn": false,
      "alarm": true,
      "signatureSetReference": {
        "link": "https://localhost/mgmt/tm/asm/signature-sets/2ODl_CpPYisXJvG_0bmcEA"
      },
      "block": false
    }

    where {"link": ""} is the link to your new signature-set

  • Ah okay, excellent, this worked! I think I tried specifying that signatureSetReference key at some point, but forgot to include the nested curly braces (also localhost name). Thanks a lot!
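
The fix from the thread, as an added example that is not part of the original posts or F5's own code: it reads a policy's GET .../signature-sets response, skips sets that are already attached, and otherwise builds the POST with the nested signatureSetReference link object. The function names are hypothetical, the https://localhost base mirrors the links shown in the thread, and authentication and sending the request are left to the caller.

```python
import json
import urllib.request
from urllib.parse import urlsplit

BASE = "https://localhost/mgmt/tm/asm"  # host form used in the thread's links


def set_id_from_link(link):
    """Last path segment of a signature-set link (any query string ignored)."""
    return urlsplit(link).path.rstrip("/").rsplit("/", 1)[-1]


def attached_ids(collection):
    """IDs of signature sets already on a policy, from a GET .../signature-sets body."""
    return {set_id_from_link(item["signatureSetReference"]["link"])
            for item in collection.get("items", [])}


def build_attach_request(policy_id, signature_set_id, collection,
                         learn=False, alarm=True, block=False):
    """Return a POST Request attaching the set, or None if it is already attached."""
    if signature_set_id in attached_ids(collection):
        return None
    body = {
        "learn": learn,
        "alarm": alarm,
        "block": block,
        # Must be a nested object holding the full link; a bare ID string is
        # what produced the 500 "HASH ref" error in the question.
        "signatureSetReference": {"link": f"{BASE}/signature-sets/{signature_set_id}"},
    }
    return urllib.request.Request(
        f"{BASE}/policies/{policy_id}/signature-sets",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/json"},
        method="POST",
    )


# GET response from the question, trimmed to the fields used here.
SAMPLE = {"totalItems": 1, "items": [{
    "signatureSetReference": {"link": f"{BASE}/signature-sets/2ODl_CpPYisXJvG_0bmcEA"},
    "learn": False, "alarm": True, "block": False}]}

if __name__ == "__main__":
    req = build_attach_request("tWE3e4F2jlpKH22mCw0I0Q", "iZvFXdIDR8lEbUdSWttwPQ", SAMPLE)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Checking the existing collection first keeps a bulk run over many policies from re-posting a set that is already attached.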