Specifies the name of the signature sets to apply on, or remove from, the ASM policy.
Apart from built-in signature sets that ship with the device, you can create and use custom signature sets.
When All Response Signatures , configures all signatures in the attack signature pool that can review responses.
When All Signatures , configures all attack signatures in the attack signature pool.
When Apache Struts Signatures , configures signatures that target attacks against the Apache Struts web servers. Only available in version 13.x and later.
When Apache Tomcat Signatures , configures signatures that target attacks against the Apache Tomcat web servers. Only available in version 13.x and later.
When Cisco Signatures , configures signatures that target attacks against Cisco systems. Only available in version 13.x and later.
When Command Execution Signatures , configures signatures involving attacks perpetrated by executing commands.
When Cross Site Scripting Signatures , configures signatures that target attacks caused by cross-site scripting techniques.
When Directory Indexing Signatures , configures signatures targeting attacks that browse directory listings.
When Generic Detection Signatures , configures signatures targeting well-known or common web and application attacks.
When HTTP Response Splitting Signatures , configures signatures targeting attacks that take advantage of responses for which input values have not been sanitized.
When High Accuracy Detection Evasion Signatures , configures signatures with a high level of accuracy that produce few false positives when identifying evasion attacks. Only available in version 13.x and later.
When High Accuracy Signatures , configures signatures with a high level of accuracy that produce few false positives when identifying evasion attacks.
When IIS and Windows Signatures , configures signatures that target attacks against IIS and Windows-based systems. Only available in version 13.x and later.
When Information Leakage Signatures , configures signatures targeting attacks that are looking for system data or debugging information that shows where the system is vulnerable to attack.
When Java Servlets/JSP Signatures , configures signatures that target attacks against Java Servlets and Java Server Pages (JSP) based applications. Only available in version 13.x and later.
When Low Accuracy Signatures , configures signatures that may result in more false positives when identifying attacks.
When Medium Accuracy Signatures , configures signatures with a medium level of accuracy when identifying attacks.
When OS Command Injection Signatures , configures signatures targeting attacks that attempt to run system level commands through a vulnerable application.
When OWA Signatures , configures signatures that target attacks against the Microsoft Outlook Web Access (OWA) application.
When Other Application Attacks Signatures , configures signatures targeting miscellaneous attacks, including session fixation, local file access, injection attempts, header tampering and so on, affecting many applications.
When Path Traversal Signatures , configures signatures targeting attacks that attempt to access files and directories that are stored outside the web root folder.
When Predictable Resource Location Signatures , configures signatures targeting attacks that attempt to uncover hidden website content and functionality by forceful browsing, or by directory and file enumeration.
When Remote File Include Signatures , configures signatures targeting attacks that attempt to exploit a remote file include vulnerability that could enable a remote attacker to execute arbitrary commands on the server hosting the application.
When SQL Injection Signatures , configures signatures targeting attacks that attempt to insert (inject) a SQL query using the input data from a client to an application.
When Server Side Code Injection Signatures , configures signatures targeting code injection attacks on the server side.
When WebSphere signatures , configures signatures targeting attacks on many computing platforms that are integrated using WebSphere, including general database, Microsoft Windows, IIS, Microsoft SQL Server, Apache, Oracle, Unix/Linux, IBM DB2, PostgreSQL, and XML.
When XPath Injection Signatures , configures signatures targeting attacks that attempt to gain access to data structures or bypass permissions when a web site uses user-supplied information to construct XPath queries for XML data.
|