Applies To:Show Versions
- 15.0.0, 14.1.0
Updating Attack and Bot Signatures
Overview: Updating the signature pools
The system includes an attack signature pool and a bot signature pool. These pools include the system-supplied attack signatures and bot signatures, which are shipped with the Application Security Manager, and any user-defined signatures. You can update both pools using the Live Update feature.
F5 develops new signatures to recognize the latest attacks and bots, and you can schedule periodic security updates to the signature pools, or perform manual updates. You can also have the system send you an email when a security update is available.
For additional information regarding licensing requirements, allowing signature file updates through a firewall, and configuring signature file updates through an HTTPS proxy, refer to Solution 8217 in the AskF5 knowledge base (https://support.f5.com/).
|Disabled||You must check for and manually select and install any available updates.|
|Real Time||Updates are installed as they become available.|
|Scheduled||You can specify the times of day and week to install available updates.|
On the Main tab, click
. The Live Update screen opens.
- Select the signature type from the Updates Configuration list: ASM Attach Signatures or Bot Signatures.
- To schedule automatic updates, for Installation of Automatically Downloaded Updates, select your update preference.
- Click Save to preserve your changes.
After the update, the system places newly added and updated signatures in staging if they are specified in one or more security policies (for security policies with the staging feature enabled).
ASM records details about each signature update file, including added, modified and deleted entities, and displays this information on the Installation Details window. Select a file to view these details. On AskF5 you can review the Readme file that pertains to the update. AskF5 also contains an article, Managing BIG-IP ASM Live Updates (14.1.x) with more details.
Getting email about signature updates
- From a web browser, open the Search the AskF5 Knowledge Base site, http://support.f5.com/.
From the SELF-HELP menu, select Subscribe: Mailing Lists
The AskF5 Publication Preference Center page opens.
- Provide the email address to which you want the notifications sent.
- Select the Security Updates list, as well as any others in which you are interested.
Whenever F5 has signature updates available, or has information related to security, you will receive an email notification at the address you specified.