cancel
Showing results for 
Search instead for 
Did you mean: 

YARA and SNORT Conversion to ASM/AWAF Custom Signatures

JustCooLpOOLe
Cirrocumulus
Cirrocumulus

Hi,

Does anyone have any links or knowledge around converting YARA and/or SNORT rules into ASM/AWAF custom signatures?  Using 15.1.5 at the moment but was curious if this has been successful.  I've seen this with AFM but not with ASM/AWAF:

https://community.f5.com/t5/technical-articles/converting-a-snort-rule-to-an-afm-protocol-inspection...

Any help is greatly appreciated!

2 REPLIES 2

CA_Valli
Cumulonimbus
Cumulonimbus

Hi, there's a section in "Attack Signatures" database menu that allows you to create default WAF signatures. From "Advanced" options you can use SNORT syntax as well. 

I'm going by memory, but it should be something like  Security/Options/Application Security/Attack Singatures/Attack Signature List , then "create". (from the environents I manage I see that this menu keeps changing position in major versions ... hope I'm right 😄

Lidev
MVP
MVP

Hi,

You can use ipp option to create custom bot signature (The ipp option is analogous to the Snort keyword pcre)
more details here : Asm Attack and bot signatures syntax 

Regards