Forum Discussion
Chris_Campbell1
May 23, 2013Cirrus
Depending on the signature it can be a keyword type or a regex type (you can see all the signature options here: http://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/config_guide_asm_10_2_0/asm_apx_attack_sig_syntax.html1005373) so it's certainly enough to say that if the signature was matched then a suspicious value was found. Having said that you need a full understanding of the application to say whether the particular match was a false positive or not. Usually the source of the attack gives you some clue, was this from an authenticated user? Can you find out who that user is and speak to them?