How to User-Defined Attack Signatures in F5 ASM

Posted by

 How to User-Defined Attack Signatures in F5 ASM

Step 1-

We can go into the application create policy –


Step 2- 

Go into next options and select server, web application ,SQL
Step 3- 
Now assign this policy to Virtual server and go into Security policy-
Step4 –
Now click on options and go into click on signature-

Step 5-

Click on Create and put name and value –
Name : test
Systems: Various Systems
Attack Typs : Other application Attacks
Rule: Vuluecontent:”test”;
Accuracy : High
Risk: Medium
Create 
Click on finish
Step 6 –
From Attack Signatures List select Advanced Filder , Search test and go 
Go to Options >> Application security >> Attack Signatures >> Attack Signatures sets create
Name: test_policy
Assing into policy by Default uncheck
Signature Types : Request
Attack types: other Application attacks
Step 7-

Apply attack signature to security policy 
Security >> Application security >> Attack Signature >> Attack Signature configuration
Step 8 –

Tiggger an attack signature violation
go to the auetion site and seach for test, then you can see the logs
Step 9-

Verify attack signature violation
Application security >> Policy building >> Manual Traffic learning 
Click the attack Signature detected 
“test” signature is in staging 
clear the violation
Step 10 –

Change policy enforcement mode and test results
Security >> Application Security >> Securiy Policies >> Active Policies and click on your policy
change enforcement mode to blocking 
–>> Save and apply 
Step 11-

Now check the logs 

Go into Security >> Events Logs >> Application Requests


[the-post-grid id=”9538″ title=””]

Visit Our Store and Buy All document (F5, Zscaler, ASA, Paloalto, Checkpoint,Forescout, Cisco ISE etc) only in  1600RS, click here on store - Store

X
error: Content is protected !!