Forum Discussion
Thomas_Gobet
Sep 22, 2014Nimbostratus
Hi,
-
Attacks signatures should be updated as often as you can. You won't need to apply each version, it will depend on what you have to protect.
-
Again it depends on which security management you apply. To avoid some false positives, you have to change blocking signatures to staging mode. I usually do that, you'll avoid to be waked up at 3am for "nothing".
-
Yes you can do that. Each ASM policy is isolated from others. So on your QA policy, you can update a policy whereas on your prod one you don't apply the update.
- Rajit_171155Sep 23, 2014NimbostratusThank you for your response. I was wondering if there is any document that suggests the step by step process to push the attack signature updates per policy. We do not want to apply the attack signature updates gobally. Thank you again!
- dennypayneSep 24, 2014EmployeeActually I don't think 3 is possible on the same device. Attack signature updates are global and there doesn't appear to be any way to update them on a per policy basis (at least not as of 11.5.1).
- natheSep 24, 2014CirrocumulusI agree with Denny on that. Once you apply signatures, after the enforcement period is over you'll get a suggestion to Enforce Signatures on each policy in the Policies Summary screen
- Rajit_171155Sep 26, 2014NimbostratusThank you Denny and nthan