Overview: Threat Campaigns

Threat Campaigns is a threat intelligence feature that delivers frequent update feeds containing contextual information about active attack campaigns that F5 Threat Labs is currently observing and that WAF can protect against. For example, without threat campaign updates, WAF may detect an attack pattern in a web application form parameter, but it cannot correlate that single incident with a more extensive and sophisticated threat campaign. Because the contextual information in Threat Campaigns is very specific to current attack campaigns, false positives are virtually non-existent.

Just like attack signatures, Threat Campaign patterns are updated regularly. Unlike attack signatures, Threat Campaigns must be installed before the protection takes effect. Because these campaigns are highly dynamic, updates are issued far more frequently than attack signature updates. Install those updates close to the time they are issued to get the most effective protection.

Since the risk of false positives is very low, you do not need to enable or disable specific Threat Campaigns. Instead, you can disable the whole mechanism.

Threat campaign management in BIG-IP Next Central Manager’s Policy Editor