security dos dynamic-signatures¶

security dos dynamic-signatures(1) BIG-IP TMSH Manual security dos dynamic-signatures(1)

NAME
dynamic-signatures - Configures the dynamic signature(s) generated by L4 BDoS (or Dynamic Signature) AFM feature based on
traffic characterization and anomaly detection.

This component has been deprecated and replaced by dos-signature in 13.1.0.

MODULE
security dos

SYNTAX
Configure the dynamic-signatures component within the security dos module using the syntax shown in the following sections.

CREATE
Currently this option is not supported for dynamic signatures.

MODIFY
modify dynamic-signatures [name]
options:
context-name [name]
detection-threshold [integer]
dynamic-vectors
enforce [disabled | enabled]
mitigation-threshold [integer]
partition [name]
status [disabled | enabled]

DISPLAY
list dynamic-signatures

DELETE
Currently this option is not supported for dynamic signatures.

DESCRIPTION
You can use the dynamic-signatures component to modify or display a dynamic signature.

EXAMPLES
modify dynamic-signatures Sig_Device_ToS status disabled

This example shows how to disable a dynamic signature named Sig_Device_ToS

modify dynamic-signatures Sig_Device_TTL detection-threshold 10000 mitigation-threshold 4294967295

This examples show how to modify the detection and mitigation threshold of a dynamic signature named Sig_Device_TTL

OPTIONS
context-name
Specifies the context for which the dynamic signature has been generated. This is a read-only field and possible
values are 'Device' or 'Virtual server Name'.

detection-threshold
Specifies the threshold value above which the traffic is declared as 'anomalous' (or an attack). When the system
generates a dynamic signature (based on traffic anomaly characterization), it assigns a value for detection threshold
(based on various factors such as sensitivity, anomaly percent, confidence level etc.)

User can override this value by modifying the signature and specify a new value to be used for detection mechanism.

dynamic-vectors
Specifies the list of metrics and the corresponding values/ranges that constitutes a dynamic signature. This is a
read-only field.

enforce
Specifies the run time behavior of the dynamic signature in the datapath with respect to enforcement. Possible values
are: disabled or enabled.

If set to disabled, the system does not enforce the signature to rate limit traffic but only collect statistics. If
set to enabled, in addition to collecting stats, system also enforces the signature to detect an attack and limit
traffic as per the mitigation threshold.

mitigation-threshold
Specifies the threshold above which the system rate limits (drops) the traffic that matches this generated dynamic
signature. When the system generates a dynamic signature, it assigns a value for mitigation threshold based on certain
factors such as mitigation configuration, detection threshold etc.

User can override this value by modifying the signature and specify a new value to be used for mitigating traffic that
matches this dynamic signature.

status
Specifies the run time status of the generated signature. Possible values are: disabled or enabled.

By default, the status is set to enabled when the system generates a dynamic signature. User can disable detection and
mitigation for this dynamic signature by setting this field to disabled.

SEE ALSO
edit, list, modify, security, security dos, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or mechanical, including
photocopying, recording, or information storage and retrieval systems, for any purpose other than the purchaser's personal
use, without the express written permission of F5 Networks, Inc.

BIG-IP 2017-03-09 security dos dynamic-signatures(1)