Forum Discussion

Rajit_171155's avatar
Rajit_171155
Icon for Nimbostratus rankNimbostratus
Sep 22, 2014

Best practices for attack signature update/maintenance on ASM

We are looking for suggestions regarding best practices for attack signature update/maintenance on ASM in an university environment. We would like to have inputs for the following questions   How...
ASM Advanced WAF
management
security
Thomas_Gobet's avatar
Thomas_Gobet
Icon for Nimbostratus rankNimbostratus
Sep 22, 2014

Hi,

 

  1. Attacks signatures should be updated as often as you can. You won't need to apply each version, it will depend on what you have to protect.

     

  2. Again it depends on which security management you apply. To avoid some false positives, you have to change blocking signatures to staging mode. I usually do that, you'll avoid to be waked up at 3am for "nothing".

     

  3. Yes you can do that. Each ASM policy is isolated from others. So on your QA policy, you can update a policy whereas on your prod one you don't apply the update.

     

  • Rajit_171155's avatar
    Rajit_171155
    Icon for Nimbostratus rankNimbostratus
    Sep 23, 2014
    Thank you for your response. I was wondering if there is any document that suggests the step by step process to push the attack signature updates per policy. We do not want to apply the attack signature updates gobally. Thank you again!
  • dennypayne's avatar
    dennypayne
    Icon for Employee rankEmployee
    Sep 24, 2014
    Actually I don't think 3 is possible on the same device. Attack signature updates are global and there doesn't appear to be any way to update them on a per policy basis (at least not as of 11.5.1).
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Sep 24, 2014
    I agree with Denny on that. Once you apply signatures, after the enforcement period is over you'll get a suggestion to Enforce Signatures on each policy in the Policies Summary screen
  • Rajit_171155's avatar
    Rajit_171155
    Icon for Nimbostratus rankNimbostratus
    Sep 26, 2014
    Thank you Denny and nthan