Attack signatures are rules or patterns that identify attack sequences or classes of attacks on a web application and its components. You can apply attack signatures to both requests and responses.
F5 releases a new attack signature update for the BIG-IP ASM system about every six weeks. The attack signature update includes new attack signatures as well as enhancements to existing attack signatures.
Attack signature updates are released only for supported versions of software, as detailed in K5903: BIG-IP software support policy.
Attack signature updates are available from the F5 Downloads site under the version of the BIG-IP system that you are currently running.
Since new web application attacks and threats are constantly being developed, you should update the system-supplied attack signatures on a regular basis to ensure that your applications are protected against new attacks. You can configure automatic updates, or you can manually update the signatures.
The attack signature updates are cumulative; when you update the system-supplied attack signatures, the update provides the latest signatures and all signatures from the previous updates. Updating the attack signatures also provides any revisions to existing attack signatures.
Attack signatures are also saved in user configuration set (UCS) archives. When a UCS archive is created, the current cumulative signature set is saved in the archive. When a UCS archive is restored, the attack signatures in the archive fully replace existing signatures. If the UCS archive is old, the attack signatures may be out of date and need to be updated separately.