In BIG-IQ® Web Application Security, you can configure custom attack signatures and custom attack signature sets. You can create a custom attack signature set and assign it to a security policy.
An attack signature set is a group of attack signatures. Rather than applying individual attack signatures to a security policy, you can apply one or more attack signature sets. The Application Security Manager® system ships with several system-supplied attack signature sets.
You can develop custom attack signatures, if needed, for specific purposes in your environment. The signatures that you define are stored in the attack signatures pool along with the system-supplied signatures. You can combine your custom attack signatures with system-supplied signatures or system-supplied sets to create custom signature sets.
You can import system-supplied or custom attack signature sets through the device discovery process. You can assign these sets to ASM™ policies, and you can deploy those policies to BIG-IP® devices.
Each security policy has its own attack signature set assignments. By default, a generic attack signature set is assigned to new security policies. You can assign additional attack signature sets to the security policy. Certain sets are more applicable to certain types of applications or types of attack. The sets are named logically so you can tell which ones to choose.
Custom attack signatures must adhere to a specific rule syntax. They are never updated by F5 Networks. All user-defined attack signatures are carried forward as-is when the system is updated to a new software version.
To learn specifics about system-supplied attack signatures, custom attack signatures, and signature sets, consult the BIG-IP® documentation.
Each security policy enforces one or more attack signature sets. You can assign additional attack signature sets to the security policy.