Block all high/medium severity rules

Question

Dear All,&nbsp;
I use F5-ASM, and it learning from my traffic now, but as I saw it catch only low severty rules.&nbsp;
Has any options in F5-ASM to set all high/medium severity rules to block state without traffic learning?
Did anyone something like this?&nbsp;
Thanks,&nbsp;

jad_tabbara__j1 · Answer

Hello,&nbsp;
Not sure if we are talking about same thing, but in ASM you have both "Attack Signatures" and "Violations". If the problem is with the "Attack Signatures" then you can modify your ASM policy to trig only on following "Attack Signatures" categories : &nbsp;
Signature Set Name : &nbsp;

High Accuracy Signatures&nbsp;

Medium Accuracy Signatures&nbsp;

To do this you have to go to "Security  ››  Application Security : Policy Building : Learning and Blocking Settings" under "Attack Signatures" click on the "Change" button and replace the existing by above categories. &nbsp;
Regards&nbsp;

Forum Discussion

Block all high/medium severity rules

1 Reply

Recent Discussions

F5Access | MacOS Sonoma

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

Enabling AVR and creating Profiles

Get associated pool name from VIP IP using F5-LTM

Disacard SSL::cert mode to ignore when default SSLClient profile is set to request or require

Related Content

Copy over self IPs from several partitions

Block traffic

domain blocking

Protect an application spread across several locations with F5 XC WAAP and Multi-Cloud Networking

Block IP after a number of ASM Blocks