Description
- You are looking at the details listed for a specific request in your security events on the security dashboard
- You are wondering what the different states mean
- What do the different states of an attack signature mean?
Environment
- F5® Distributed Cloud Console
- Security Dashboard
Answer
There are 5 different states of an attack signature.
- Enabled : The signature was enabled in the app firewall ( WAF ) policy.
- Disabled : The signature was disabled in app firewall ( WAF ) policy.
- Suppressed : The signature was suppressed by WAF exclusion rule created by the customer.
- Auto suppressed : The signature was suppressed by the “automatic attack signature tuning” feature in the app firewall. The ML model runs on top of the signature engine and auto suppresses signatures that it determines to be False Positives.
- Staging: The signature is new or recently updated, and the app firewall (WAF) has attack signatures staging configured. A request that triggers a staged signature will not cause the request to be blocked, but you will see signature trigger details in the security event.
Additional Information
- If all signature triggers on the request are suppressed, auto suppressed, or staged, the request will be “allowed”.
- If at least one signature trigger on the request is in enabled state, the request will be “blocked”