security dos dynamic-signatures
security dos dynamic-signatureBIG-IP TMSH Masecurity dos dynamic-signatures(1)
NAME
dynamic-signatures - Configures the dynamic signature(s) generated by
L4 BDoS (or Dynamic Signature) AFM feature based on traffic
characterization and anomaly detection.
MODULE
security dos
SYNTAX
Configure the dynamic-signatures component within the security dos
module using the syntax shown in the following sections.
CREATE
Currently this option is not supported for dynamic signatures.
MODIFY
modify dynamic-signatures [name]
options:
context-name [name]
detection-threshold [integer]
dynamic-vectors
enforce [disabled | enabled]
mitigation-threshold [integer]
partition [name]
status [disabled | enabled]
DISPLAY
list dynamic-signatures
DELETE
Currently this option is not supported for dynamic signatures.
DESCRIPTION
You can use the dynamic-signatures component to modify or display a
dynamic signature.
EXAMPLES
modify dynamic-signatures Sig_Device_ToS status disabled
This example shows how to disable a dynamic signature named
Sig_Device_ToS
modify dynamic-signatures Sig_Device_TTL detection-threshold 10000
mitigation-threshold 4294967295
This examples show how to modify the detection and mitigation threshold
of a dynamic signature named Sig_Device_TTL
OPTIONS
context-name
Specifies the context for which the dynamic signature has been
generated. This is a read-only field and possible values are
'Device' or 'Virtual server Name'.
detection-threshold
Specifies the threshold value above which the traffic is declared
as 'anomalous' (or an attack). When the system generates a dynamic
signature (based on traffic anomaly characterization), it assigns
a value for detection threshold (based on various factors such as
sensitivity, anomaly percent, confidence level etc.)
User can override this value by modifying the signature and
specify a new value to be used for detection mechanism.
dynamic-vectors
Specifies the list of metrics and the corresponding values/ranges
that constitutes a dynamic signature. This is a read-only field.
enforce
Specifies the run time behavior of the dynamic signature in the
datapath with respect to enforcement. Possible values are:
disabled or enabled.
If set to disabled, the system does not enforce the signature to
rate limit traffic but only collect statistics. If set to
enabled, in addition to collecting stats, system also enforces the
signature to detect an attack and limit traffic as per the
mitigation threshold.
mitigation-threshold
Specifies the threshold above which the system rate limits (drops)
the traffic that matches this generated dynamic signature. When
the system generates a dynamic signature, it assigns a value for
mitigation threshold based on certain factors such as mitigation
configuration, detection threshold etc.
User can override this value by modifying the signature and
specify a new value to be used for mitigating traffic that matches
this dynamic signature.
status
Specifies the run time status of the generated signature. Possible
values are: disabled or enabled.
By default, the status is set to enabled when the system generates
a dynamic signature. User can disable detection and mitigation for
this dynamic signature by setting this field to disabled.
SEE ALSO
edit, list, modify, security, security dos, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or
by any means, electronic or mechanical, including photocopying,
recording, or information storage and retrieval systems, for any
purpose other than the purchaser's personal use, without the express
written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008-2016. All rights reserved.
BIG-IP 2016-07-21security dos dynamic-signatures(1)