Forum Discussion

Altostratus

Nov 25, 2019

ASM - TMSH or export the attack signature enabled on a security policy

Hello, Does anyone know a way of listing or exporting the currently enabled attack signatures on a specific policy? I created a new one and the default plus 3 other sets arrive at 1442 atack si...

Cirrostratus

Nov 26, 2019

I'm not aware of any particularly simple ways to do this.

You can export the policies in XML format, but that only gives you the signature IDs, no names or descriptions.

Maybe have a look at this: https://support.f5.com/csp/article/K40533413

It says it applies to version 13+, but I checked and the REST API endpoints are there in version 12 as well.

Basically you query the API for the unique md5 hash ID of the policy, then you use that ID to get the signatures attached to that policy.

What the article doesn't mention: This procedure also only gives you a list of signature IDs and a reference link to another API endpoint /mgmt/tm/asm/signatures/<ID> where you can then finally fetch the signature details like name, description, etc.

Shouldn't be too hard to automate this, but it is unfortunately not a simple one liner.

carol
Altostratus
Nov 26, 2019
Thank you! I just checked the article. sounds indeed the way to go. Let me test :)

Forum Discussion

ASM - TMSH or export the attack signature enabled on a security policy

Recent Discussions

What happens if I only enable ASM in BIG-IP Under System > Resource Provisioning

What is the meaning is 52% block in WAF

Rundeck ansible F5 errors

rewrite Azure AD response for portal access via web portal

AS3 Monitoring multiple ports selectively

Related Content

captcha not show after enable header security

Using ChatGPT for security and introduction of AI security

Auditing Security Policy Updates

Minimizing Security Complexity: Managing Distributed WAF Policies

Adaptive Apps: Replicate & deploy WAF application security policies across F5's security portfolio