security protocol-inspection signature
security protocol-inspection signature(1) BIG-IP TMSH Manual security protocol-inspection signature(1)
NAME
signature - Configures the signature inspections.
MODULE
security protocol-inspection signature
SYNTAX
CREATE/MODIFY
modify security protocol-inspection signature
create security protocol-inspection signature
properties:
accuracy [high | low | medium]
description [string]
last-updated [date in format %y-%m-%d:%H:%M:%S]
reference-links [string]
service [string]
action [accept | drop | reject]
direction [any | to-client | to-server]
log [yes | no]
references [string]
sig [string - signature in snort format]
app-service [string]
documentation [string]
performance-impact [high | low | medium]
revision [integer]
systems [string]
attack-type [string]
id [integer]
protocol [any | tcp | udp]
risk [critical | high | low | medium]
user-defined [yes | no]
DISPLAY
list security protocol-inspection signature
DESCRIPTION
Use this command to create/modify custom signatures in snort format.
EXAMPLES
create security protocol-inspection signature new_sig { log yes action drop sig "content:\"GET\";
content:\"HTTP\";" description "Signature match" }
Create signature "new_sig" which find "GET" and "HTTP" in payload (see details about snort signatures in
related documentation). Following actions are applied if signature is matched: drop flow and write message
"Signature match".
modify security protocol-inspection signature new_sig { log no action accept sig }
Modify action and logging of previous signature "new_sig". Following actions are applied if signature is
matched: accept flow.
list security protocol-inspection signature new_sig
Displays signature new_sig.
list security protocol-inspection signature
Displays all signatures.
PROPERTIES
accuracy
Specifies the accuracy of the signature.
description
Specifies the description of the signature. Also this parameter is used in logging when signature is
matched.
last-updated
Specifies date/time when signature has been updated last time.
reference-links
Specifies external references (url) to signature.
references
Specifies external industrial references (cve and bugtraq) to signature.
service
Specifies target-based service.
action
Specifies enforcement action for matched signature.
direction
Specifies flow direction for signature. Signature search will apply only for payload in this direction.
log Specifies whether the inspection will be logged if it matches the signature.
app-service
Specifies app service.
documentation
Specifies signature documentation.
performance-impact
Specifies performance impact of this signature.
revision
Specifies signature revision. For custom signatures, this parameter will be incremented each time you
modify this signature.
systems
Specifies systems where this signature can be matched.
attack-type
Specifies signature attack type.
id Specifies signature identifiers.
protocol
Specifies transport protocol where this signature can be matched (udp, tcp, any).
risk Specifies signature risk.
sig Specifies snort signature.
user-defined
Specifies if signature is created by user.
deprecated
Specifies if inspection is now deprecated and will not be matched anymore.
SEE ALSO
list, modify, security, tmsh
COPYRIGHT
No part of this program may be reproduced or transmitted in any form or by any means, electronic or
mechanical, including photocopying, recording, or information storage and retrieval systems, for any purpose
other than the purchaser's personal use, without the express written permission of F5 Networks, Inc.
F5 Networks and BIG-IP (c) Copyright 2008, 2012-2017. All rights reserved.
BIG-IP 2018-01-11 security protocol-inspection signature(1)