Lab 1.1 - Stay up-to-date with F5’s latest Attack Signature updates and Threat Campaigns by automatically applying those updates

Check on latest attack signature and threat campaigns update files

  1. Log into the BIG-IP Next Central Manager via the Windows Jump Host.
  2. The appropriate RDP credentials can be found under “Components” -> “DETAILS” as explained in “Module 0”.
  3. Just click on the BIG-IP Next CM Favorite in the Chrome Browser of the the Windows Jump Host.

Note: Module 0 Lab 1 covers how you access the different instances as well as how you find the appropriate credentials.

../../../_images/Windows_Jumhost.png

  1. Go to “Main Menu” and navigate to “Security -> WAF -> Live Updates”.
../../../_images/Module1_task4_updated_navigation.gif

  1. From here, select Settings and change check “Enabled (Real Time)” to perform auto updates of the latest attack signatures and Threat Campaigns.
../../../_images/Module1_task5_updated_realtime.gif

NOTE The ‘Disabled’ or ‘Enabled (Real-time)’ options under ‘Settings’ are per tab/object. This allows you to handle the installation of attack signatures updates differently from Threat Campaigns update.

../../../_images/Module1_attack_sig_settings.png

../../../_images/Module1_TC_settings.png

  1. Now perfrom a check to see if there are latest Attack Signature and Threat Campaigns updates available by selecting the refresh icon. If updates are available, they will be installed automatically.
../../../_images/Module1_task6_update_attack_sig.png

  1. If there happens to be an update available the Attack Signatures and/or Threat Campaigns will be updated. Once the update is complete, you will be prompted with a successful message. The status of the updated package will change to Active, and the installation date will change to the date the update file was created.
../../../_images/Live_Updates_2_Lab3.png

  1. Click on the filename, e.g. ASM-AttackSignatures_20240103_153328.im (The name might be different based on latest signature date), to get more details about the changes introduced by the update.
../../../_images/Module1-task8_live_update_attack_sig.png

General remark:

Within this lab, we showed you how to enable live updates of Attack Signatures and Threat Campaigns. Users also have the option to manually upload Attack Signatures or Threat Campaigns. To do this, you just have to select the “Upload File” button in each tab. This is not required for the lab, but keep in mind that this option is available to you.

Congratulations - You have finished Module 1