How to: Update the F5-provided Attack Signatures package

To update the F5-provided attack signatures package:

  • Upload the attacks signatures update file to the file store:

POST https://{{bigip_next_mgmt_floating_ip}}:5443/{{API_VERSION}}/files

Content type: multipart/form-data

Payload:

[
    {
        "fileName": "ASM-AttackSignatures.im",
        "name": "ASM-AttackSignatures.im",
        "description": "this is an attack signature update file"
    }
]
  • Get the default service:

GET https://{{bigip_next_mgmt_floating_ip}}:5443/{{API_VERSION}}/services

Example of the response:

{
    {
    "_embedded": {
        "services": [
            {
                "_links": {
                    "access": "/services/{{service_id}}/access",
                    "cluster": "/services/{{service_id}}/cluster",
                    "logging": "/services/{{service_id}}/logging",
                    "self": "/services/{{service_id}}",
                    "waf": "/services/{{service_id}}/waf"
                },
                "id": "{{service_id}}",
                "name": "Default Service"
            }
        ]
    },
    "_links": {
        "self": "/services?"
    },
    "count": 1,
    "total": 1
}
  • Add the signature update file to the waf-settings in the default service:

PUT https://{{bigip_next_mgmt_floating_ip}}:5443/{{API_VERSION}}/services/{{service_id}}/waf
{
    "wafSettings": {
        "attackSignatures": {
            "securityUpdateFile": "ASM-AttackSignatures.im"
        }
    }
}