How to: Update the F5-provided Attack Signatures package¶
To update the F5-provided attack signatures package:
Upload the attacks signatures update file to the file store:
POST https://{{bigip_next_mgmt_floating_ip}}:5443/{{API_VERSION}}/files
Content type: multipart/form-data
Payload:
[
{
"fileName": "ASM-AttackSignatures.im",
"name": "ASM-AttackSignatures.im",
"description": "this is an attack signature update file"
}
]
Get the default service:
GET https://{{bigip_next_mgmt_floating_ip}}:5443/{{API_VERSION}}/services
Example of the response:
{
{
"_embedded": {
"services": [
{
"_links": {
"access": "/services/{{service_id}}/access",
"cluster": "/services/{{service_id}}/cluster",
"logging": "/services/{{service_id}}/logging",
"self": "/services/{{service_id}}",
"waf": "/services/{{service_id}}/waf"
},
"id": "{{service_id}}",
"name": "Default Service"
}
]
},
"_links": {
"self": "/services?"
},
"count": 1,
"total": 1
}
Add the signature update file to the
waf-settings
in the default service:
PUT https://{{bigip_next_mgmt_floating_ip}}:5443/{{API_VERSION}}/services/{{service_id}}/waf
{
"wafSettings": {
"attackSignatures": {
"securityUpdateFile": "ASM-AttackSignatures.im"
}
}
}