Signature sets precedence for ASM Policy
Had a query on signature sets on ASM Policy. In my Policy Attack Signature Configuration, i can see multiple groups based on which i can select either to learn, alarm or block. Basically i want to tune my policies as all of the signature sets are currently on block mode. If i want to disable just the OWA Signatures and set it to Alarm only. Should i be disabling block for "All Signatures" as well and select Attack specific signatures sets. Will enabling block for "All signatures" override the "OWA signatures" Learn only setting? Wanted to know the precedence of applying signature based checks.
Exporting a full list of Attack Sigantures
Hi. I am looking to export a full list of the current signatures I have in blocking mode. If possible, I would like to separate these lists in to their signature sets. If I navigate to "Security ›› Options : Application Security : Attack Signatures : Attack Signature Sets" then I can view the different signature set types. Let's take the High Accuracy Signatures for instance. If I click on those, I get a list of signatures that are a part of that set, but I cannot copy and paste them. I have people asking me for a list of these signatures so I am hoping there is an easy way to extract these. They want to be able to share it within their team to show what the WAF is doing for them, and what it is blocking so they can test it out for themselves. Is it a possibility that a file exists in the console that I can pull down through WinSCP that has a list of these? Similarly if I go to "Security ›› Application Security : Attack Signatures" I would like to be able to export the full list of 2857 signatures I have for this policy. Thanks.
