security dos dynamic-signatures¶

security dos dynamic-signatures(1) BIG-IP TMSH Manual security dos dynamic-signatures(1)

NAME
dynamic-signatures - Configures the dynamic signature(s) generated by L4 BDoS (or Dynamic Signature) AFM
feature based on traffic characterization and anomaly detection.

This component has been deprecated and replaced by dos-signature in 13.1.0.

MODULE
security dos

SYNTAX
Configure the dynamic-signatures component within the security dos module using the syntax shown in the
following sections.

CREATE
Currently this option is not supported for dynamic signatures.

MODIFY
modify dynamic-signatures [name]
options:
context-name [name]
detection-threshold [integer]
dynamic-vectors
enforce [disabled | enabled]
mitigation-threshold [integer]
partition [name]
status [disabled | enabled]

DISPLAY
list dynamic-signatures

DELETE
Currently this option is not supported for dynamic signatures.

DESCRIPTION
You can use the dynamic-signatures component to modify or display a dynamic signature.

EXAMPLES
modify dynamic-signatures Sig_Device_ToS status disabled

This example shows how to disable a dynamic signature named Sig_Device_ToS

modify dynamic-signatures Sig_Device_TTL detection-threshold 10000 mitigation-threshold 4294967295

This examples show how to modify the detection and mitigation threshold of a dynamic signature named
Sig_Device_TTL

OPTIONS
context-name
Specifies the context for which the dynamic signature has been generated. This is a read-only field and
possible values are 'Device' or 'Virtual server Name'.

detection-threshold
Specifies the threshold value above which the traffic is declared as 'anomalous' (or an attack). When the
system generates a dynamic signature (based on traffic anomaly characterization), it assigns a value for
detection threshold (based on various factors such as sensitivity, anomaly percent, confidence level
etc.)

User can override this value by modifying the signature and specify a new value to be used for detection
mechanism.

dynamic-vectors
Specifies the list of metrics and the corresponding values/ranges that constitutes a dynamic signature.
This is a read-only field.

enforce
Specifies the run time behavior of the dynamic signature in the datapath with respect to enforcement.
Possible values are: disabled or enabled.

If set to disabled, the system does not enforce the signature to rate limit traffic but only collect
statistics. If set to enabled, in addition to collecting stats, system also enforces the signature to
detect an attack and limit traffic as per the mitigation threshold.

mitigation-threshold
Specifies the threshold above which the system rate limits (drops) the traffic that matches this
generated dynamic signature. When the system generates a dynamic signature, it assigns a value for
mitigation threshold based on certain factors such as mitigation configuration, detection threshold etc.

User can override this value by modifying the signature and specify a new value to be used for mitigating
traffic that matches this dynamic signature.

status
Specifies the run time status of the generated signature. Possible values are: disabled or enabled.

By default, the status is set to enabled when the system generates a dynamic signature. User can disable
detection and mitigation for this dynamic signature by setting this field to disabled.

SEE ALSO
edit, list, modify, security, security dos, tmsh

COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.

BIG-IP 2017-03-09 security dos dynamic-signatures(1)