Manual Chapter : Managing Signature, Server Technologies, and Browser Challenges and Threat Campaign Files

Applies To:

Show Versions Show Versions

BIG-IQ Centralized Management

  • 8.3.0, 8.2.0, 8.1.0
Manual Chapter

Managing Signature, Server Technologies, and Browser Challenges and Threat Campaign Files

About file update management in Web Application Security

You can download, upload, and install Signature, Server Technologies, and Browser Challenges, and Threat Campaign update files from one central location for multiple BIG-IP devices. For each file, the system displays the file name, version, BIG-IP version on which it is compatible, and its source. You can also schedule automatic file updates so that update files are downloaded and installed automatically at time intervals that you define.
The Signature file contains rules that run on incoming HTTP requests and other network traffic, and can identify potential attacks that can exploit vulnerabilities on your server. The Server Technologies file contains rules that can identify the underlying technologies used by the web application and how the web application is composed. When this is known, the BIG-IP system can apply more appropriate protections, such as signatures, on your server. The Browser Challenges file contains JavaScript that runs on web browsers on the client-side and is used mainly by the bot defense profile to implement bug fixes. Keeping the Signature file, Server Technologies file, and Browser Challenges file up-to-date is an important part of protecting your system.
The contents of the Browser Challenges file are applied only 24-48 hours after installation of the file.
The BIG-IP system includes an attack signature pool and a bot signature pool. These pools include the system-supplied attack signatures and bot signatures, which are shipped with the BIG-IP Application Security Manager, and any user-defined signatures.
Web Application Security fetches all new and relevant signature files from an external server, which might use a proxy. You can configure a proxy from the BIG-IQ Centralized Management system (
System
PROXIES
). BIG-IQ can then push the signature files to the relevant BIG-IP device or devices, and it displays the signature version for each device.
Web Application Security signature file processing, such as importing, downloading, installing (pushing to devices), and deleting signature files, requires the following built-in roles, or the equivalent permissions on a custom role: Administrator, Security Manager, or Web App Security Manager.

Authorize a user to upload, download, and install Signature, Server Technologies, and Browser Challenges files

Configure fine-grained role-based access credentials to authorize a dedicated user to upload, download, and install Signature, Server Technologies, and Browser Challenges files. This authorization also includes permission to schedule automatic file updates.
  1. Click
    System
    ROLE MANAGEMENT
    Role Types
    .
    The Role Types screen opens.
  2. Click
    Add
    .
    The New Role Type screen opens.
  3. Assign a name that identifies the role type.
  4. From the
    Select Service
    list, select
    Web Application Security (ASM)
    .
    The Object Type list appears.
  5. In the Object Type list, select
    Signature Files
    and in the Items section at the lower right, ensure that
    RELATED OBJECT TYPES
    is selected.
  6. Click the
    Add Selected
    button.
  7. Click
    Save & Close
    .
  8. On the left, click
    ROLE MANAGEMENT
    Resource Groups
    .
    The Resource Groups screen opens.
  9. Click
    Add
    .
    The New Resource Group screen opens.
  10. Assign a name that identifies the Resource Group.
  11. In the
    Role Type (Optional)
    list, select the role type that you previously created.
  12. In the
    Select Service
    list, select
    Web Application Security (ASM)
    .
  13. In the
    Select Object Type
    list, select
    Signature Files
    .
  14. Click the
    Add Selected
    button.
  15. Click
    Save & Close
    .
  16. On the left, click
    ROLE MANAGEMENT
    Roles
    .
    The Roles navigation menu appears.
  17. In the Roles navigation menu, click
    CUSTOM ROLES
    Service Roles
    .
  18. Click
    Add
    .
  19. Assign a name that identifies the role.
  20. For
    Role Type
    list, select the role type that you previously created.
  21. For
    Role Mode
    , select either
    Strict Mode
    or
    Relaxed Mode
    .
  22. In the
    Resource Groups
    setting, from the
    Available
    list, select the resource group that you previously created and move it to the
    Selected
    list.
  23. If you want to assign this role to existing users or groups, in the
    Active Users and Groups
    setting select the user or group name from the
    Available
    list and move it to the
    Selected
    list.
  24. Click
    Save & Close
    .
  25. If you want to create a new user and assign the role this user, click
    USER MANAGEMENT
    Users
    .
  26. Click
    Add
    .
    The New User screen opens.
  27. Assign a
    User Name
    ,
    Full Name
    , and
    Password
    and confirm the password.
  28. For the
    Roles
    setting, select the role that you previously created from the
    Available
    list and move it to the
    Selected
    list.
  29. Click
    Save & Close
    .
The user role now has privileges to manage files in BIG-IQ. Any user who logs in using the configured credentials will be able to perform tasks of file management, according to the applied settings.

Download an update file from the F5 update server

Before you start this task, make sure that your current BIG-IQ account has Administrator, Security Manager, or Web App Security Manager credentials, or a custom role with equivalent permissions. These permissions are required for downloading Signature, Server Technologies, Browser Challenges, and Threat Campaign update files.
Download a Signature, Server Technologies, or Browser Challenges update file from the F5 update server to ensure that you have the most up-to-date protection on your BIG-IP devices.
  1. Go to
    Configuration
    SECURITY
    Threat Intelligence
    Web Application Security
    .
    The screen provides a menu for Signature Files, Server Technology Files, Browser Challenges Files, and Threat Campaigns Files. Expand one of these menu options and select the
    ...Files List
    option for your required file type.
  2. Click
    Download
    .
    The Choose download and install option screen opens.
  3. Choose one of the following download options:
    • Download latest files
      : Choose this option to download the most up-to-date file but not install it at this time.
    • Download latest files and install on All devices:
      Choose this option to download the most up-to-date file and install it immediately after download on all BIG-IP devices in the cluster.
    • Download latest files and install on Active devices:
      Choose this option to download the most up-to-date file and install it immediately after download on the primary BIG-IP devices in the cluster.
  4. Click
    OK
    .
The most up-to-date file is downloaded to the BIG-IQ system and appears in the list in the Files List screen. If you chose the download and install option, the file is pushed to the BIG-IP devices in the cluster and installed on them.
If you did not choose the download and install option, you need to manually install the update file.
You can check the status of the download under the
Configuration
tab by going to
SECURITY
Threat Intelligence
Web Application Security
. Then in the relevant file menu, select
Download Process
and click the file name in the list.
If you chose the download and install option, you can check the status under the
Configuration
tab at
SECURITY
Threat Intelligence
Web Application Security
. Then, in the relevant file, menu select
Download and Install
and click the file name in the list.

Upload a file stored locally

Before you start this task, make sure that your current BIG-IQ account has Administrator, Security Manager, or Web App Security Manager credentials, or a custom role with equivalent permissions. These permissions are required to upload Signature, Server Technologies, Browser Challenges, and Threat Campaign files.
You can upload a locally stored Signature, Server Technologies, Browser Challenges, or Threat Campaign file to the BIG-IQ system if you do not want to download the update file from the F5 update server.
  1. Click
    Configuration
    SECURITY
    Threat Intelligence
    Web Application Security
    .
    The SIGNATURE FILES, SERVER TECHNOLOGIES FILES, and BROWSER CHALLENGES FILES menus appear.
  2. Expand the menu for the file you would like to upload, and select the file list view.
  3. Click
    Import
    .
    The Import File screen opens.
  4. Specify how to upload the file:
    • Click
      Choose File
      , and then:
      1. Navigate to the file you want to upload.
      2. Click
        Open
        . The file name appears in the Import File screen.
      3. Click
        Import
        at the bottom of the Import File screen. The update file now appears in the Files List.
    • Drag and drop the update file from its original location to the area labeled Drop Update File Here. After you do this, the Files List appears, showing the update file.
After the file is uploaded, you need to install it manually.

Install a file

Before you start this task, make sure that your current BIG-IQ Centralized Management account has Administrator, Security Manager, or Web App Security Manager credentials, or a custom role with equivalent permissions. These permissions are required for installing Signature, Server Technologies, and Browser Challenges files.
Install a Signature, Server Technologies, or Browser Challenges update file to one or more BIG-IP devices to ensure that you have the most up-to-date protection on your BIG-IP devices.
  1. Click
    Configuration
    SECURITY
    Threat Intelligence
    Web Application Security
    .
    The SIGNATURE FILES, SERVER TECHNOLOGIES FILES, and BROWSER CHALLENGES FILES menus appear.
  2. In the relevant menu, click the Files List.
  3. In the Files List, click the name of the file you want to install.
    The file properties screen opens.
  4. In the
    Install to Devices
    setting, specify which BIG-IP devices should receive the file by moving them from the
    Available Devices
    list to the
    Selected Devices
    list.
  5. From the
    Install To
    list, choose whether to install the file on all BIG-IP devices in the cluster or on just the active (primary) devices in the cluster.
    Once a file is deployed to an active clustered BIG-IP device, a synchronization task will run on the BIG-IP device cluster.
  6. Click
    Install
    .
    The BIG-IQ system pushes the file to the BIG-IP devices that you selected and the file is installed on those devices.
You can check the status of the installation by going to
SECURITY
Threat Intelligence
Web Application Security
. Then, in the relevant file menu select
Install Status
and click the name of the file in the list.

Schedule automatic file updates

Before you start this task, make sure that your current BIG-IQ Centralized Management account has Administrator, Security Manager, or Web App Security Manager credentials, or a custom role with equivalent permissions. These permissions are required for scheduling automatic file updates.
Schedule automatic updates of Signature, Server Technologies, and Browser Challenges files to automate the process of downloading and installing updated files at specified time intervals.
  1. Click
    Configuration
    SECURITY
    Threat Intelligence
    Web Application Security
    .
    The SIGNATURE FILES, SERVER TECHNOLOGIES FILES, and BROWSER CHALLENGES FILES menus appear.
  2. In the relevant menu, click the Files List.
  3. Click
    Settings
    .
    The Settings screen opens.
  4. For the
    Remote Updates
    setting, select
    Enabled
    .
    If this setting is disabled, the other settings are not displayed.
  5. In the
    Interval
    setting, select how often the scheduled update should run.
    If you choose
    Custom
    , select a time interval from the
    Custom
    list.
  6. For the
    Starting at
    setting, specify when the scheduled update should begin.
    You must select a date and time in the future.
  7. In the
    Proxy
    setting, select the proxy to use when retrieving signature files, or select
    None
    .
    You can configure proxies in the BIG-IQ Centralized Management system (
    System
    PROXIES
    ).
  8. From the
    Install To
    list, choose whether you want the update files installed on all BIG-IP devices in the cluster or only on the active (primary) devices in the cluster.
    Once a file is deployed to an active clustered BIG-IP device, a synchronization task will run on the BIG-IP device cluster.
  9. Click
    Save & Close
    .
  10. Follow these steps for every BIG-IP device that you want to receive the automatic updates:
    1. Go to
      SECURITY
      Web Application Security
      Devices
      .
    2. Click the device name in the Devices List.
      The Properties screen for this device opens.
    3. In the Scheduled Updates section, select the
      Allow Automatic Install
      check box for the relevant file type.
    4. Click
      Save & Close
      .
You can check the status of the download and installation by going to
SECURITY
Threat Intelligence
Web Application Security
. Then, in the relevant file menu select
Download and Install Process
and click the file name in the list.