Manual Chapter :
Updating Attack and Bot Signatures
Applies To:
Show Versions
BIG-IP ASM
- 17.1.1, 17.1.0, 17.0.0, 16.1.5, 16.1.4, 16.1.3, 16.1.2, 16.1.1, 16.1.0, 16.0.1, 16.0.0, 15.1.9, 15.1.8, 15.1.7, 15.1.6, 15.1.5, 15.1.4, 15.1.3, 15.1.2, 15.1.1, 15.1.0, 15.0.1, 15.0.0, 14.1.5, 14.1.4, 14.1.3, 14.1.2, 14.1.0
Updating Attack and Bot Signatures
Overview: Updating the signature pools
The system includes an attack signature pool and a bot signature pool. These
pools include the system-supplied attack signatures and bot signatures, which are shipped with
the Application Security Manager, and any user-defined
signatures. You can update both pools using the Live Update feature.
F5 develops new signatures to recognize the latest attacks and bots, and you
can schedule periodic security updates to the signature pools, or perform manual updates. You can
also have the system send you an email when a security update is available.
Updating signatures
Before you can update the signature pools (attack signatures and bot signatures), you
must have a valid service agreement with F5 Networks, and a service check date within 7
days of the update request. The Application Security
Manager (ASM) must also have external network access for the automatic update
process to work.
For additional information regarding licensing
requirements, allowing signature file updates through a firewall, and configuring
signature file updates through an HTTPS proxy, refer to Solution 8217 in the AskF5
knowledge base (
https://support.f5.com/
).You can choose when to update signature pools so
that you always have the current security updates. Having an updated set of
system-supplied attack signatures and bot signatures provides protection from the latest
threats.
Update | Description |
|---|---|
Disabled | You must check for and manually select and install any available
updates. |
Real Time | Updates are installed as they become available. |
Scheduled | You can specify the times of day and week to install available
updates. |
- On the Main tab, click .The Live Update screen opens.
- Select the signature type from theUpdates Configurationlist:ASM Attach SignaturesorBot Signatures.
- To schedule automatic updates, forInstallation of Automatically Downloaded Updates, select your update preference.
- ClickSaveto preserve your changes.
The system connects to the F5 server periodically to see if there are any new
signatures or updates to existing attack signatures or bot signatures, and if there are,
it downloads and includes them. Any user-defined signatures remain in the pools
untouched.
After the update, the system places newly added and
updated signatures in staging if they are specified in one or more security policies
(for security policies with the staging feature enabled).
ASM records details about each signature update file, including added, modified and
deleted entities, and displays this information on the Installation Details window.
Select a file to view these details. On AskF5 you can review the Readme file that
pertains to the update. AskF5 also contains an article, Managing BIG-IP ASM Live
Updates (14.1.x) with more details.
Getting email about signature updates
If you want to receive notification from F5 Networks about signature updates
available for download, you can sign up for the Security Updates mailing list.
- From a web browser, open the Search the AskF5 Knowledge Base site,http://support.f5.com/.
- From the SELF-HELP menu, select Subscribe: Mailing ListsThe AskF5 Publication Preference Center page opens.
- Provide the email address to which you want the notifications sent.
- Select theSecurity Updateslist, as well as any others in which you are interested.
- ClickSubmit.Whenever F5 has signature updates available, or has information related to security, you will receive an email notification at the address you specified.
