08-Feb-2022 09:39
Hi,
Does anyone have any links or knowledge around converting YARA and/or SNORT rules into ASM/AWAF custom signatures? Using 15.1.5 at the moment but was curious if this has been successful. I've seen this with AFM but not with ASM/AWAF:
Any help is greatly appreciated!
14-Feb-2022 09:03 - edited 14-Feb-2022 09:07
Hi, there's a section in "Attack Signatures" database menu that allows you to create default WAF signatures. From "Advanced" options you can use SNORT syntax as well.
I'm going by memory, but it should be something like Security/Options/Application Security/Attack Singatures/Attack Signature List , then "create". (from the environents I manage I see that this menu keeps changing position in major versions ... hope I'm right 😄 )
14-Feb-2022 23:17
Hi,
You can use ipp option to create custom bot signature (The ipp option is analogous to the Snort keyword pcre)
more details here : Asm Attack and bot signatures syntax
Regards