Forum Discussion

mkeenan_289714
Oct 06, 2016

Customizing Attack Signatures

How can I manually alter attack signatures that are attached to a security policy? For example, if a signature is matched, how can we customize that specific signature for our application?

 

2 Replies

  • Can you clarify what you mean by "customize" the signature for your policy? You cannot edit the attack signatures that ship with the product or that you download from F5. You can edit signatures that you create yourself.

     

  • Having QA run valid traffic is a great way to start. So the script example might be tricky. ASM is sophisticated enough that the simple presence of your example in some random request might not trigger an attack signature at all. A good plan of action might be to watch those attack signatures which are triggered, and then take a good look at what caused the violation. If script and open/end tags are allowed as input for a form parameter, then you could disable that signature on that parameter, for example. Any policies you create can be exported to another licensed ASM unit or applied to virtual servers. Attack signatures start out in staging, so you should be able to run traffic without affecting traffic.