ASM Signatures Update

Question

Hello Experts&nbsp;
Should I make signature updates manual or automatic? What is the best practice &nbsp;

max_q_factor · Answer

Best practices are a matter of opinion. I think getting the signatures into your policy as quickly as possible is a good practice so automatic would be best for that. BUT, you have to be aware of new or updated signatures causing false positives and leave yourself a long enough staging period to review the learning suggestions in order to not create an issue with the protected resources by enforcing potential false positives and denying regular traffic.

boneyard · Answer

also think about the opposite, signatures that have been changed significantly go to staging. this might mean your expected protection is suddenly different.&nbsp;

Forum Discussion

ASM Signatures Update

2 Replies

Recent Discussions

F5 Rseries R2600 Tenant sizing

About AWAF "Redirect URLs" in "Responses and Blocks"

ISP Bandwidth Utilization

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5 Rseries HA

Related Content

Live Update- ASM attack signatures

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

Are ASM Attack Signature Updates Cummulative?

Auditing Security Policy Updates

In an active/standby setup of ASM, with sync only device group, do signature updates sync up?