Set up attack signatures, bot signatures, and threat campaigns

Overview

F5 WAF for NGINX protects your applications using predefined and regularly updated detection patterns:

  • Attack signatures: Known threat patterns used to detect common vulnerabilities and exploits. These are included with F5 WAF for NGINX and updated frequently to reflect the latest security threats. See the attack signatures documentation for more information.

  • Threat campaigns: Context-aware threat intelligence based on attack campaigns observed by F5 Threat Labs. These are updated even more frequently than attack signatures and require installation to take effect. Learn more in the threat campaigns documentation.

  • Bot signatures: Detection patterns designed to identify and classify automated bot traffic. These signatures help distinguish between legitimate bots, such as search engine crawlers, and malicious ones that perform credential stuffing, scraping, or denial-of-service attacks. See the bot signatures documentation for more information.

To take advantage of the latest updates, you must upload the attack signature, bot signature, and threat campaign packages to NGINX Instance Manager.

You can either:

  • Configure NGINX Instance Manager to automatically download new versions, or
  • Manually download packages from MyF5 and upload them to NGINX Instance Manager using the REST API.

In this section

Automatically update security packages

Enable automatic updates in NGINX Instance Manager to keep F5 WAF for NGINX packages current.

Manually update security packages

Manually download and upload F5 WAF for NGINX security packages to NGINX Instance Manager.

Update Security Monitoring attack signature database

Keep your Security Monitoring dashboards accurate by updating the attack signature database in NGINX Instance Manager.
View source
Edit this page
Create a new issue