# Set up attack signatures, bot signatures, and threat campaigns > Keep F5 WAF for NGINX attack signature, bot signature, and threat campaign packages current in F5 NGINX Instance Manager using automatic or manual updates. ## Overview F5 WAF for NGINX protects your applications using predefined and regularly updated detection patterns: - **Attack signatures**: Known threat patterns used to detect common vulnerabilities and exploits. These are included with F5 WAF for NGINX and updated frequently to reflect the latest security threats. See the [attack signatures documentation](/waf/policies/attack-signatures.md) for more information. - **Threat campaigns**: Context-aware threat intelligence based on attack campaigns observed by F5 Threat Labs. These are updated even more frequently than attack signatures and require installation to take effect. Learn more in the [threat campaigns documentation](/waf/policies/threat-campaigns.md). - **Bot signatures**: Detection patterns designed to identify and classify automated bot traffic. These signatures help distinguish between legitimate bots, such as search engine crawlers, and malicious ones that perform credential stuffing, scraping, or denial-of-service attacks. See the [bot signatures documentation](/waf/policies/bot-signatures.md) for more information. To take advantage of the latest updates, you must upload the attack signature, bot signature, and threat campaign packages to F5 NGINX Instance Manager. You can either: - Configure NGINX Instance Manager to automatically download new versions, or - Manually download packages from MyF5 and upload them to NGINX Instance Manager using the REST API. ## In this section ### [Automatically update security packages](automatic-download/) Enable automatic updates in NGINX Instance Manager to keep F5 WAF for NGINX packages current. ### [Manually update security packages](manual-update/) Manually download and upload F5 WAF for NGINX security packages to NGINX Instance Manager. ### [Update Security Monitoring attack signature database](update-security-monitoring-signature-db/) Keep your Security Monitoring dashboards accurate by updating the attack signature database in NGINX Instance Manager.