Applies To:

Show Versions Show Versions

Manual Chapter: Managing Signature Files
Manual Chapter
Table of Contents   |   << Previous Chapter   |   Next Chapter >>

About signature files in BIG-IQ Web Application Security

The Signature files panel in BIG-IQ® Web Application Security lists the signature files for each discovered BIG-IP® device, and enables you to view signature file properties, edit signature settings, update signature files, and push them to BIG-IP devices.

Currently, administrators can manage signature files for one BIG-IP device from the BIG-IP Configuration Utility.

BIG-IQ Web Application Security, however, provides central management for signature files and signature file updates for multiple devices. By managing signatures from the BIG-IQ platform, the administrator can spend less time on signature updates and view the signatures update information in a single central location.

The BIG-IP system includes an attack signature pool and a bot signature pool. These pools include the system-supplied attack signatures and bot signatures, which are shipped with the BIG-IP Application Security Manager, and any user-defined signatures.

BIG-IQ Web Application Security fetches all new and relevant signature files automatically from an external server proxy configured from the system interface. It then pushes the signatures to the relevant BIG-IP device or to multiple BIG-IP devices. It displays the signature version for each device.

Note: This feature is available to users with the Administrator role, the Security Manager role, or the Web App Security Manager role.

Viewing signature file properties

An application security policy exported from BIG-IP® Application Security Manager™ includes any user-defined attack signature sets that are in use by the policy, but not the actual signatures. Therefore, it is good practice to make sure that the attack signatures and user-defined signatures are the same on the two systems. Use the BIG-IQ® Web Application Security Signature files panel to view signature file properties.
  1. Log in with Administrator, Security Manager, or Web App Security Manager credentials.
  2. Navigate to the Signature files screen: click Web Application Security > Overview and, in the Signatures file panel, hover over a specific signature file.
  3. When the gear icon appears, select Show Properties to display property details.
  4. When you are finished, click Cancel.

Signature file properties

Signature file properties are read-only and displayed for informational purposes only.

Property Description
File name Name of the signature file. Example: ASM-SignatureFile_20150917_152714.im
File version Version of the signature file. Example: 1445276000000
Product version Version running on the BIG-IP® device.

Updating and synchronizing signature files

You can use the BIG-IQ® Web Application Security Signature files panel to update the signature files and push them to BIG-IP® devices.
  1. Log in with Administrator, Security Manager, or Web App Security Manager credentials.
  2. Navigate to the Signature files screen: click Web Application Security > Overview , and in the Signature files panel, click Signature Settings.
  3. In the Update tab, edit the settings as needed.
    1. From the Interval list, select how often the update should run.
    2. For Starting at, type a starting weekday, date, and time in the format: ddd mmm dd yyyy hh:mm:ss. Example: Tue Oct 27 2015 10:40:27. Or, click in the field to bring up a calendar, select a date, and use the Hour slider to select the time.
    3. Select the Run Manual Sync check box to have the system synchronize the configuration with the standby device when a signature file is pushed to the primary BIG-IP device.
    Note that some fields are display only:
    • Last update: Specifies the last time the file was updated, and whether the update was done manually or automatically; for instance, Tue Oct 27 2015 10:40:27. (Triggered by scheduler).
    • Next update: Specifies the time of the next scheduled file update; for instance, Tue Oct 27 2015 10:40:27.
    • Last run status: Specifies the status of the last file update. Possible statuses include: Passed, Failed.
  4. When you are finished, click Save.
    You can click Cancel to close the panel without saving your changes.
    Signatures are updated.
  5. In the Current running task area, edit the settings as needed.
    1. Run now: To update the signature files and push them to the server, click the Update & push button.
      When the task has run to completion, the status displays as Completed. Ensure that the Auto update enabled check box on the Devices properties panel is checked, or updated files will not be pushed.
    2. Select the Run Manual Sync check box, and when a signature file is pushed to the primary BIG-IP device,the system synchronizes the configuration with the standby device.
    Note that the Current status setting specifies the status of the current file update. Possible statuses include: Passed, Failed.
  6. When you are finished, click Save.
    You can click Cancel to close the panel without saving your changes.
Signatures are updated.

If a signature file is pushed to a clustered system, the configuration of the nodes is synchronized. The ASM™ configuration is deployed to the active device and then synchronized with the standby device.

Table of Contents   |   << Previous Chapter   |   Next Chapter >>

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)