Manual Chapter : Threat campaigns

Applies To:

Show Versions Show Versions


  • 16.0.0
Manual Chapter

Threat campaigns

Attackers are constantly looking for ways to exploit the latest vulnerabilities and new ways to exploit old vulnerabilities. The F5 Threat Research team is constantly monitoring malicious activity around the globe and creating signatures specific to these exploits. These Threat Campaign signatures are based on in-the-wild attacks. The Threat Campaign signatures contain contextual information about the nature and purpose of the attack.
As an example, a normal WAF signature might notify that SQL injection was attempted. A Threat Campaign signature notifies that a known threat actor used a specific exploit of the latest Apache Struts vulnerability in an attempt to deploy ransomware for cryptomining software.
The following is an example for threat campaign:
"name":"campaigns", "threat-campaigns": [ { "displayName": "SQL Injection - 999999.9", "performStaging": true, "isEnabled": false } ]