Update the attack signature database

The Security Monitoring module tracks security violations on F5 WAF for NGINX instances. Its analytics dashboards use a Signature Database to show details about Attack Signatures, including their name, accuracy, and risk.

If the Signature Database is outdated and doesn’t match the version used in F5 WAF for NGINX, new signatures may appear without attributes like a name, risk, or accuracy.

Follow these steps to update the Security Monitoring module with the latest Attack Signature data so the dashboards show complete and accurate information.

Before you begin

Make sure you have the following:

F5 WAF for NGINX is set up, and the Security Monitoring dashboard is collecting security violations.

Update the signature database

Open an SSH connection to the data plane host and log in.
Generate a Signature Report file using the Attack Signature Report Tool. Save the file as signature-report.json:
sudo /opt/app_protect/bin/get-signatures -o ./signature-report.json
Open an SSH connection to the management plane host and log in.
Copy the signature-report.json file to the NGINX Instance Manager control plane at /usr/share/nms/sigdb/:
sudo scp /path/to/signature-report.json {user}@{host}:/usr/share/nms/sigdb/signature-report.json
Restart the NGINX Instance Manager services to apply the update:
shell
sudo systemctl restart nms-ingestion sudo systemctl restart nms-core

View source

Edit this page

Create a new issue