Forum Discussion

Wasfi_182818's avatar
Wasfi_182818
Icon for Nimbostratus rankNimbostratus
Feb 17, 2016

Attack signature file location in the file system

Hi;

 

Where in the BIGIP file system is the attack signature file stored. Also, when an admin downloads the latest signature file, is it just the delta or the whole list of signatures

 

Kindly Wasfi

 

3 Replies

  • ASM attack signatures are not stored in a file on BIG-IP - these are stored in the ASM's internal mySQL database.

     

  • Hello Folks,

     

    I have just figured this out. You can get the internal ASM Signatures by generating as ASM QKview and looking for the following file.

     

    ASM Qkview: nice -n19 asmqkview -s0 --add-proxy-log

     

    Once the QKview is generated, open it in 7ZIP. On the root you will find the file name "asm_module.xml". Open it in any editor and look for the signature you want to analyze.

     

    I have also opened a new thread at DC for the same, I think I would need to update it.

     

    Cheers! Darshan

     

    • swo0sh_gt_13163's avatar
      swo0sh_gt_13163
      Icon for Altostratus rankAltostratus
      Hello Folks, It seems the file I am referring contains only USER-DEFINED signatures and not the default signatures come with the appliance. Sorry, my bad. Please share the solution if anyone finds.