Header Ads

Recently post

Home / F5 / How to User-Defined Attack Signatures in F5 ASM

How to User-Defined Attack Signatures in F5 ASM

October 04, 2022

 How to User-Defined Attack Signatures in F5 ASM

Step 1-

We can go into the application create policy -







Step 2- 

Go into next options and select server, web application ,SQL




Step 3- 

Now assign this policy to Virtual server and go into Security policy-





Step4 -

Now click on options and go into click on signature-







Step 5-

Click on Create and put name and value -

Name : test
Systems: Various Systems
Attack Typs : Other application Attacks
Rule: Vuluecontent:"test";
Accuracy : High
Risk: Medium
Create 




Click on finish

Step 6 -

From Attack Signatures List select Advanced Filder , Search test and go 

Go to Options >> Application security >> Attack Signatures >> Attack Signatures sets create

Name: test_policy
Assing into policy by Default uncheck
Signature Types : Request
Attack types: other Application attacks




Step 7-

Apply attack signature to security policy 

Security >> Application security >> Attack Signature >> Attack Signature configuration



Step 8 -

Tiggger an attack signature violation

go to the auetion site and seach for test, then you can see the logs


Step 9-

Verify attack signature violation

Application security >> Policy building >> Manual Traffic learning 

Click the attack Signature detected 
"test" signature is in staging 
clear the violation

Step 10 -

Change policy enforcement mode and test results

Security >> Application Security >> Securiy Policies >> Active Policies and click on your policy

change enforcement mode to blocking 

-->> Save and apply 

Step 11-

Now check the logs 

Go into Security >> Events Logs >> Application Requests





No comments

Subscribe to: Post Comments ( Atom )