AltostratusHello,
Does anyone know a way of listing or exporting the currently enabled attack signatures on a specific policy? I created a new one and the default plus 3 other sets arrive at 1442 atack signatures, that is 73 pages on the guy. Is there a way to list them all so I could share it with application and security folks? I am running on v 12.
Regards
Carol
CirrostratusI'm not aware of any particularly simple ways to do this.
You can export the policies in XML format, but that only gives you the signature IDs, no names or descriptions.
Maybe have a look at this: https://support.f5.com/csp/article/K40533413
It says it applies to version 13+, but I checked and the REST API endpoints are there in version 12 as well.
Basically you query the API for the unique md5 hash ID of the policy, then you use that ID to get the signatures attached to that policy.
What the article doesn't mention: This procedure also only gives you a list of signature IDs and a reference link to another API endpoint /mgmt/tm/asm/signatures/<ID> where you can then finally fetch the signature details like name, description, etc.
Shouldn't be too hard to automate this, but it is unfortunately not a simple one liner.
AltostratusThank you! I just checked the article. sounds indeed the way to go. Let me test :)