Manual Chapter : Managing Signature Files

Applies To:

BIG-IQ Centralized Management

  • 5.1.0

About signature files in BIG-IQ Web Application Security

Through BIG-IQ® Web Application Security, you can view and manage signature files and signature file updates centrally for multiple BIG-IP® devices. For each signature file, the system displays the file name, the file version, the version of BIG-IP with which it is compatible, and its source.

You can also update certain signature file settings.
Note: You can lock for editing only the settings of signature files. You cannot edit signature files; therefore, there is no need to lock them.

By managing signature files from the BIG-IQ platform, the administrator can spend less time on signature updates and can view signature update information in a single central location.

The BIG-IP system includes an attack signature pool and a bot signature pool. These pools include the system-supplied attack signatures and bot signatures, which are shipped with the BIG-IP Application Security Manager, and any user-defined signatures.

BIG-IQ Web Application Security fetches all new and relevant signature files automatically from an external server proxy configured from the system interface. It can then push the signature files to the relevant BIG-IP device or to multiple BIG-IP devices. It displays the signature version for each device.

Note: You can lock (for edit or update) only the settings of signature files. You cannot edit signature files; therefore, there is no need to lock them.

Viewing signature file properties

An application security policy exported from BIG-IP® Application Security Manager™ includes any attack signature sets that are in use by the policy, but not the actual signatures. Therefore, it is good practice to make sure that the attack signatures (both system-supplied and user-defined) are the same on the two systems. Use the BIG-IQ® Web Application Security Signature Files screen to view signature file properties.
  1. Log in with Administrator, Security Manager, or Web App Security Manager credentials.
  2. Navigate to the Signature Files screen: click Web Application Security > Signature Files.
  3. In the Signature Files screen, click a specific signature file to view its properties.
  4. When you are finished, click Cancel.

Signature file properties

Signature file properties are read-only and displayed for informational purposes only.

| Property | Description |
| --- | --- |
| Name | Name of the signature file. Example: ASM-SignatureFile_20150917_152714.im123456789 |
| Version | Version of the signature file. Example: 1445276000000 |
| Compatibility | Version running on the BIG-IP® device with which the signature file is compatible. Example: BIG-IP 11.5.3 |
| Source | F5 Networks. Example: F5 |
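
The check recommended above (confirming that devices carry the same signature files) can be scripted once the per-device file names have been collected from the Signature Files screen. The following is an added example, not F5 code: it assumes the file name embeds a build timestamp in the layout of the example name in the properties table, and the device names and all but the first file name are constructed.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed layout, inferred from the example name on this page:
# ASM-SignatureFile_<YYYYMMDD>_<HHMMSS>.im<suffix>
NAME_RE = re.compile(r"^ASM-SignatureFile_(\d{8})_(\d{6})\.im\w*$")

def build_time(file_name):
    """Return the timestamp embedded in a signature file name, or None."""
    m = NAME_RE.match(file_name)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1) + m.group(2), "%Y%m%d%H%M%S")
    except ValueError:  # digits present but not a real date/time
        return None

def find_drift(inventory):
    """inventory: list of (device, bigip_version, signature_file_name).
    Devices are compared only with peers on the same BIG-IP version, because
    each signature file is compatible with a specific BIG-IP version.
    Returns (stale, unparsed); stale maps device -> (installed, newest)."""
    by_version = defaultdict(list)
    unparsed = []
    for device, version, name in inventory:
        ts = build_time(name)
        if ts is None:
            unparsed.append(device)  # report, never silently skip
        else:
            by_version[version].append((ts, name, device))
    stale = {}
    for rows in by_version.values():
        newest_ts, newest_name, _ = max(rows)
        for ts, name, device in rows:
            if ts < newest_ts:
                stale[device] = (name, newest_name)
    return stale, unparsed

# Constructed sample inventory (hypothetical devices and file names).
SAMPLE = [
    ("waf-a", "11.5.3", "ASM-SignatureFile_20150917_152714.im123456789"),
    ("waf-b", "11.5.3", "ASM-SignatureFile_20150801_101500.im123456789"),
    ("waf-c", "11.6.0", "ASM-SignatureFile_20150917_152714.im987654321"),
    ("waf-d", "11.6.0", "custom-signatures.xml"),
]

if __name__ == "__main__":
    print(find_drift(SAMPLE))
```
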

Updating and pushing signature files

You can use the BIG-IQ® Web Application Security Signature Files screen to update the signature files and push them to BIG-IP® devices.
  1. Log in with Administrator, Security Manager, or Web App Security Manager credentials.
  2. Navigate to the Signature Files screen: click Web Application Security > Signature Files > Update Process/Push Status.
  3. In Update Process/Push Status, edit the settings as needed.
    1. From the Interval list, select how often the update should run.
    2. This field is pre-populated with the current date and time. To change, type a starting date and time in the format: dd/mm/yyyy, hh:mm:ss AM (or PM). Example: 2/11/2016, 9:00:00 AM. Or, click in the field to bring up a calendar, select a date, and use the Hr and Min controls to select the hour and minute. You can also select Now, Clear, and Done.
    3. Select the Run Manual Sync check box to have the system synchronize the configuration with the standby device when a signature file is pushed to the primary BIG-IP device.
    Note that some fields are display only:
    • Last update: Specifies the last time the file was updated, and whether the update was done manually or automatically; for instance, Tue Oct 27 2015 10:40:27. (Triggered by scheduler).
    • Next update: Specifies the time of the next scheduled file update; for instance, Tue Oct 27 2015 10:40:27.
    • Last run status: Specifies the status of the last file update. Possible statuses include: Passed, Failed.
  4. When you are finished, click Save.
    You can click Cancel to close the screen without saving your changes.
    Signatures are updated.
  5. In the Current running task area, edit the settings as needed.
    1. Run now: To update the signature files and push them to the server, click the Update & push button.
      When the task has run to completion, the status displays as Completed. Ensure that the Auto update enabled check box on the Devices properties screen is checked, or updated files will not be pushed.
    2. Select the Run Manual Sync check box to have the system synchronize the configuration with the standby device when a signature file is pushed to the primary BIG-IP device.
    Note that the Current status setting specifies the status of the current file update. Possible statuses include: Passed, Failed.
  6. When you are finished, click Save.
    You can click Cancel to close the screen without saving your changes.
Signatures are updated.

If a signature file is pushed to a clustered system, the configuration of the nodes is synchronized. The ASM™ configuration is deployed to the active device and then synchronized with the standby device.