ASM Signatures¶
Overview¶
API used to list all ASM signatures.
REST Endpoint: /mgmt/cm/asm/working-config/signatures¶
Requests¶
List all ASM signatures as a collection.
GET /mgmt/cm/asm/working-config/signatures¶
Request Parameters¶
None
Query Parameters¶
None
Response¶
Returns the collection of ASM signatures.
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| generation | integer(int64) | A integer that will track change made to web application security signatures collection object. read-only |
| items | < object > array | Collection of ASM attack signatures. optional |
| kind | string | Type information for web application security signatures collection object. read-only |
| lastUpdateMicros | integer(int64) | Update time (micros) for last change made to web application security signatures collection object. read-only |
| selfLink | string | A reference link URI to web application security signatures collection object. read-only |
Error Response¶
HTTP/1.1 400 Bad Request
| Name | Type | Description |
|---|---|---|
| errorStack | string | Error stack trace returned by java. optional, read-only |
| kind | string | Type information for ASM web application security signatures - cm:asm:working-config:signatures:signaturecollectionstate. optional, read-only |
| message | string | Error message returned from server. Bad Request optional, read-only |
| requestBody | string | The data in the request body. GET (None) optional, read-only |
| requestOperationId | integer(int64) | Unique id assigned to rest operation. optional, read-only |
| referer | string | IP address. optional, read-only |
HTTP/1.1 403 Unauthorized
| Name | Type | Description |
|---|---|---|
| errorStack | string | Error stack trace returned by java. optional, read-only |
| kind | string | Type information for ASM web application security signatures - cm:asm:working-config:signatures:signaturecollectionstate. optional, read-only |
| message | string | Error message returned from server. Unauthorized optional, read-only |
| requestBody | string | The data in the request body. GET (None) optional, read-only |
| requestOperationId | integer(int64) | Unique id assigned to rest operation. optional, read-only |
| referer | string | IP address. optional, read-only |
HTTP/1.1 404
| Name | Type | Description |
|---|---|---|
| errorStack | string | Error stack trace returned by java. optional, read-only |
| kind | string | Type information for ASM web application security signatures - cm:asm:working-config:signatures:signaturecollectionstate. optional, read-only |
| message | string | Error message returned from server. URI registration optional, read-only |
| requestBody | string | The data in the request body. GET (None) optional, read-only |
| requestOperationId | integer(int64) | Unique id assigned to rest operation. optional, read-only |
| referer | string | IP address. optional, read-only |
Permissions¶
| Role | Allow |
|---|---|
| Security Manager | Yes |
| Web Application Manager | Yes |
| Web Application Editor | Yes |
| Web Application Viewer | Yes |
| Web Application Deployer | Yes |
GET /mgmt/cm/asm/working-config/signatures/<objectId>¶
Used to get a single instance of a ASM signature object.
Request Parameters¶
| Name | Type | Required | Description |
|---|---|---|---|
| < objectId > | string(UUID) | True | Unique system generated ID associated with the signature. |
Query Parameters¶
None
Response¶
Returns an ASM signature object identified by id for an endpoint URI.
HTTP/1.1 200 OK
| Name | Type | Description |
|---|---|---|
| accuracy | string | Indicates the ability of the attack signature to identify the attack including susceptibility to false-positive alarms: Low: Indicates a high likelihood of false positives. Medium: Indicates some likelihood of false positives. High: Indicates a low likelihood of false positives. optional |
| attackTypeReference | string | Reference link to attack type properties. ex. uuid, name, bigipAttackId optional |
| link | string | Reference link to attack type. optional |
| bundleVersion | integer | Indicates the bundle version of the attack signature. optional |
| description | string | Description of ASM attack signature. optional |
| generation | integer(int64) | A integer that will track change made to a ASM attack signature object. generation. read-only |
| id | string | Unique id associated with ASM attack signature. |
| isUserDefined | boolean | Is this ASM signature created by a user or pre packaged by the system. optional |
| lastUpdateMicros | integer(int64) | Update time (micros) for last change made to a ASM attack signature object. read-only |
| matchesWithinJson | boolean | A boolean value which indicates whether the signature will be matched within the scope of this policy object type. (JSON Profiles). optional |
| matchesWithinCookie | boolean | A boolean value which indicates whether the signature will be matched withing the scope of this policy object type (Cookies). optional |
| matchesWithinGwt | boolean(kind) | A boolean value which indicates whether the signature will be matched withing the scope of this policy object type (GWT profiles). optional |
| matchesWithinParameter | boolean | A boolean value which indicates whether the signature will be matched withing the scope of this policy object type (Parameters). optional |
| matchesWithinPlainText | boolean(kind) | A boolean value which indicates whether the signature will be matched withing the scope of this policy object type (Plain Text Profiles). optional |
| matchesWithinRequest | boolean(kind) | A boolean value which indicates whether the signature will be matched withing the scope of this policy object type (Request Headers). optional |
| matchesWithinUri | boolean(kind) | A boolean value which indicates whether the signature will be matched withing the scope of this policy object type (URLs). optional |
| matchesWithinXml | boolean(kind) | A boolean value which indicates whether the signature will be matched withing the scope of this policy object type (XML Profiles). optional |
| matchesWithinHeader | boolean(kind) | A boolean value which indicates whether the signature will be matched within the scope of this policy object type. (Headers). optional |
| matchesWithinResponse | boolean(kind) | A boolean value which indicates whether the signature will be matched within the scope of this policy object type. (Responses). optional |
| rule | string | This value is not defined for Factory signatures. It is mandatory for user defined signatures and it defines the content of the signature rule. optional |
| modificationDateMicros | integer | Value of the last modified time in micros. optional |
| name | string | Name of ASM attack signature. |
| partition | string | BIG-IP partition this ASM attack signature object exists. optional |
| revision | string | BIG-IQ maintains a version # to track changes of ASM signatures. optional |
| risk | string | Indicates the level of potential damage this attack might cause if it is successful: Low: Indicates the attack does not cause direct damage or reveal highly sensitive data. Medium: Indicates the attack may reveal sensitive data or cause moderate damage. High: Indicates the attack may cause a full system compromise. optional |
| selfLink | string | A reference link URI to the ASM attack signature object. read-only |
| signatureId | string | Unique id assigned to a ASM signature object. read-only |
| signatureType | string | Used to identify the category of web application attack type associated with the signature. Table 11.1 lists types. optional |
| systems | array | Displays which systems (for example web applications, web servers databases, and application frameworks) where the signature is relevant. optional |
| systemReference | link | Reference link to ASM system. optional |
| link | string | Reference link to ASM system. optional |
| issueTracking | array | Contains a list of issueTracking which indicates the type and the URL reference. This is available only in Factory Signatures optional |
| type | string | URL |
| value | string | Reference link to an external website explaining this attack signature, or displays |
Error Response¶
HTTP/1.1 400 Bad Request
| Name | Type | Description |
|---|---|---|
| errorStack | string | Error stack trace returned by java. optional, read-only |
| kind | string | Type information for ASM web application security signatures - cm:asm:working-config:signatures:signaturecollectionstate. optional, read-only |
| message | string | Error message returned from server. Bad Request optional, read-only |
| requestBody | string | The data in the request body. GET (None) optional, read-only |
| requestOperationId | integer(int64) | Unique id assigned to rest operation. optional, read-only |
| referer | string | IP address. optional, read-only |
HTTP/1.1 403 Unauthorized
| Name | Type | Description |
|---|---|---|
| errorStack | string | Error stack trace returned by java. optional, read-only |
| kind | string | Type information for ASM web application security signatures - cm:asm:working-config:signatures:signaturecollectionstate. optional, read-only |
| message | string | Error message returned from server. Unauthorized optional, read-only |
| requestBody | string | The data in the request body. GET (None) optional, read-only |
| requestOperationId | integer(int64) | Unique id assigned to rest operation. optional, read-only |
| referer | string | IP address. optional, read-only |
HTTP/1.1 404
| Name | Type | Description |
|---|---|---|
| errorStack | string | Error stack trace returned by java. optional, read-only |
| kind | string | Type information for ASM web application security signatures - cm:asm:working-config:signatures:signaturecollectionstate. optional, read-only |
| message | string | Error message returned from server. URI registration optional, read-only |
| requestBody | string | The data in the request body. GET (None) optional, read-only |
| requestOperationId | integer(int64) | Unique id assigned to rest operation. optional, read-only |
| referer | string | IP address. optional, read-only |
Permissions¶
| Role | Allow |
|---|---|
| Security Manager | Yes |
| Web Application Manager | Yes |
| Web Application Editor | Yes |
| Web Application Viewer | Yes |
| Web Application Deployer | Yes |
Examples¶
None