SSHSSH_97332
Oct 13, 2013

F5 ASM Attack Signature Update

What are best practices for attack signature updates? Automatic or manual? Which frequency is better to use if manual, and if automatic?

 

4 Replies

  • nathe

    Hi sshssh,

     

    I'm not sure there's a best practice, rather whatever suits the particular environment.

     

    That being said I only ever do manual updates so I can have control over the whole process. It's more important to me that I can monitor the changes and keep an eye on any new/changed signatures being triggered than getting them applied in a more timely fashion if they were set to update automatically.

     

    N

     

  • MVA

    We utilize Enterprise Manager to notify us when new signatures are downloaded/available on EM. We then push the updates in non-prod and coordinate with app teams for testing, then move onto Prod. I don't believe we'll get to a more automated process as the need for app reliability is most important.

     

  • Is there an option to put new signatures in staging for a period of time, while policy mode is blocking?

     

  • nathe

    Yes, under Application Security, Policy, Policy, Properties there is a "Staging-Tightening Period" you can set. This defines the period in which any newly added signatures are placed in staging so, if triggered, just logs and doesn't block (even if policy mode is blocking). At the end of this period you can then enforce those sigs that haven't been triggered and/or make exceptions to any false positives that may have occurred on these new sigs (Policy Building - manual - Staging/tightening summary).

     

    Also, you can choose to put updated sigs in staging as well (check box when you do the update).

     

    Hope this helps,

     

    N