101 · Question #144
Which of the following is correct regarding Userdefined Attack signatures?
The correct answer is A. Userdefined signatures use an F5supplied syntax. User-defined attack signatures in BIG-IP ASM are authored using the same F5-proprietary signature syntax used for system-supplied signatures, giving administrators a consistent authoring model.
Question
Which of the following is correct regarding Userdefined Attack signatures?
Options
- AUserdefined signatures use an F5supplied syntax
- BUserdefined signatures may only use regular expressions
- CAttack signatures may be grouped within systemsupplied signatures
- DUserdefined signatures may not be applied globally within the entire policy
How the community answered
(19 responses)- A95% (18)
- C5% (1)
Why each option
User-defined attack signatures in BIG-IP ASM are authored using the same F5-proprietary signature syntax used for system-supplied signatures, giving administrators a consistent authoring model.
F5 provides a defined signature syntax (including keywords such as content, uricontent, pcre, and normalization flags) that governs both system-supplied and user-defined signatures. Administrators must use this F5-supplied syntax when creating custom signatures, ensuring compatibility with the ASM signature engine.
User-defined signatures support both the F5 keyword-based syntax and PCRE regular expressions - they are not limited to regular expressions only.
User-defined signatures cannot be added to or grouped within F5 system-supplied signature sets; they are maintained in separate user-defined signature sets.
User-defined signatures can be applied globally across an entire policy, just like system-supplied signatures, when the policy is configured to enforce them at that scope.
Concept tested: BIG-IP ASM user-defined attack signature syntax and scope
Source: https://techdocs.f5.com/en-us/bigip-asm-implementations/configuring-attack-signatures.html
Topics
Community Discussion
No community discussion yet for this question.