veredgf_96123
Oct 31, 2017Nimbostratus
Sysscan Scanner Request
Got a complaint from our boss about a web attack that was blocked by symantec IPS but wasn't blocked by ASM. Checked the specific policy and as far as I know all possible scan/scanner signatures (16 sigs) are in blocking mode and the sigs were updated just a few days ago.
I need to find out if there is a sig that correlates with the symantec IPS sig or not, and if not - is there a sig on the way. Alternatively, is there a different way to prevent this attack from F5?
This is the Symantec IPS reference: https://www.symantec.com/security_response/attacksignatures/detail.jsp?asid=30309
Thanks,
Vered