Try SpotterManages Signature Sets on an ASM policy
| "added in version" 1.0.0 of f5networks.f5_modules"
Authors: Wojciech Wypior (@wojtek0806)
Install with ansible-galaxy collection install f5networks.f5_modules:==1.28.0
collections:
- name: f5networks.f5_modules
version: 1.28.0Manages Signature Sets on an ASM policy.
- name: Add Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
- name: Remove Signature Set to ASM Policy
bigip_asm_policy_signature_set:
name: IIS and Windows Signatures
policy_name: FooPolicy
state: absent
provider:
password: secret
server: lb.mydomain.com
user: admin
delegate_to: localhost
name:
description:
- Specifies the name of the signature sets to apply to, or remove from, the ASM policy.
- Apart from built-in signature sets that ship with the device, you can create and
use custom signature sets.
- When C(All Response Signatures), configures all signatures in the attack signature
pool that can review responses.
- When C(All Signatures), configures all attack signatures in the attack signature
pool.
- When C(Apache Struts Signatures), configures signatures that target attacks against
the Apache Struts web servers. Only available in version 13.x and later.
- When C(Apache Tomcat Signatures), configures signatures that target attacks against
the Apache Tomcat web servers. Only available in version 13.x and later.
- When C(Cisco Signatures), configures signatures that target attacks against Cisco
systems. Only available in version 13.x and later.
- When C(Command Execution Signatures), configures signatures involving attacks perpetrated
by executing commands.
- When C(Cross Site Scripting Signatures), configures signatures that target attacks
caused by cross-site scripting techniques.
- When C(Directory Indexing Signatures), configures signatures targeting attacks that
browse directory listings.
- When C(Generic Detection Signatures), configures signatures targeting well-known
or common web and application attacks.
- When C(HTTP Response Splitting Signatures), configures signatures targeting attacks
that take advantage of responses for which input values have not been sanitized.
- When C(High Accuracy Detection Evasion Signatures), configures signatures with a
high level of accuracy that produce few false positives when identifying evasion
attacks. Only available in version 13.x and later.
- When C(High Accuracy Signatures), configures signatures with a high level of accuracy
that produce few false positives when identifying evasion attacks.
- When C(IIS and Windows Signatures), configures signatures that target attacks against
Microsoft IIS and Windows-based systems. Only available in version 13.x and later.
- When C(Information Leakage Signatures), configures signatures targeting attacks
that are looking for system data or debugging information that shows where the system
is vulnerable to attack.
- When C(Java Servlets/JSP Signatures), configures signatures that target attacks
against Java Servlets and Java Server Pages (JSP) based applications. Only available
in version 13.x and later.
- When C(Low Accuracy Signatures), configures signatures that may result in more false
positives when identifying attacks.
- When C(Medium Accuracy Signatures), configures signatures with a medium level of
accuracy when identifying attacks.
- When C(OS Command Injection Signatures), configures signatures targeting attacks
that attempt to run system level commands through a vulnerable application.
- When C(OWA Signatures), configures signatures that target attacks against the Microsoft
Outlook Web Access (OWA) application.
- When C(Other Application Attacks Signatures), configures signatures targeting miscellaneous
attacks, including session fixation, local file access, injection attempts, header
tampering and so on, affecting many applications.
- When C(Path Traversal Signatures), configures signatures targeting attacks that
attempt to access files and directories that are stored outside the web root folder.
- When C(Predictable Resource Location Signatures), configures signatures targeting
attacks that attempt to uncover hidden website content and functionality by forceful
browsing, or by directory and file enumeration.
- When C(Remote File Include Signatures), configures signatures targeting attacks
that attempt to exploit a remote file include vulnerability that could enable a
remote attacker to execute arbitrary commands on the server hosting the application.
- When C(SQL Injection Signatures), configures signatures targeting attacks that attempt
to insert (inject) a SQL query using the input data from a client to an application.
- When C(Server Side Code Injection Signatures), configures signatures targeting code
injection attacks on the server side.
- When C(WebSphere signatures), configures signatures targeting attacks on many computing
platforms that are integrated using WebSphere, including general database, Microsoft
Windows, IIS, Microsoft SQL Server, Apache, Oracle, Unix/Linux, IBM DB2, PostgreSQL,
and XML.
- When C(XPath Injection Signatures), configures signatures targeting attacks that
attempt to gain access to data structures or bypass permissions when a web site
uses user-supplied information to construct XPath queries for XML data.
required: true
type: str
alarm:
description:
- Specifies if the security policy logs the request data in the Statistics screen
when a request matches a signature that is included in the signature set.
type: bool
block:
description:
- Effective when the security policy enforcement mode is Blocking.
- Determines how the system treats requests that match a signature included in the
signature set.
- When C(true), the system blocks all requests that match a signature, and provides
the client with a support ID number.
- When C(false), the system accepts those requests.
type: bool
learn:
description:
- Specifies if the security policy learns all requests that match a signature that
is included in the signature set.
type: bool
state:
choices:
- present
- absent
default: present
description:
- When C(present), ensures the resource exists.
- When C(absent), ensures the resource is removed.
type: str
provider:
description:
- A dict object containing connection details.
suboptions:
auth_provider:
description:
- Configures the auth provider for to obtain authentication tokens from the remote
device.
- This option is really used when working with BIG-IQ devices.
type: str
no_f5_teem:
default: false
description:
- If C(yes), TEEM telemetry data is not sent to F5.
- You may omit this option by setting the environment variable C(F5_TELEMETRY_OFF).
- Previously used variable C(F5_TEEM) is deprecated as its name was confusing.
type: bool
password:
aliases:
- pass
- pwd
description:
- The password for the user account used to connect to the BIG-IP or the BIG-IQ.
- You may omit this option by setting the environment variable C(F5_PASSWORD).
required: true
type: str
server:
description:
- The BIG-IP host or the BIG-IQ host.
- You may omit this option by setting the environment variable C(F5_SERVER).
required: true
type: str
server_port:
default: 443
description:
- The BIG-IP server port.
- You may omit this option by setting the environment variable C(F5_SERVER_PORT).
type: int
timeout:
description:
- Specifies the timeout in seconds for communicating with the network device for
either connecting or sending commands. If the timeout is exceeded before the
operation is completed, the module will error.
type: int
transport:
choices:
- rest
default: rest
description:
- Configures the transport connection to use when connecting to the remote device.
type: str
user:
description:
- The username to connect to the BIG-IP or the BIG-IQ. This user must have administrative
privileges on the device.
- You may omit this option by setting the environment variable C(F5_USER).
required: true
type: str
validate_certs:
default: true
description:
- If C(no), SSL certificates are not validated. Use this only on personally controlled
sites using self-signed certificates.
- You may omit this option by setting the environment variable C(F5_VALIDATE_CERTS).
type: bool
type: dict
version_added: 1.0.0
version_added_collection: f5networks.f5_modules
partition:
default: Common
description:
- This parameter is only used when identifying an ASM policy.
type: str
policy_name:
description:
- Specifies the name of an existing ASM policy to add or remove signature sets to.
required: true
type: str
alarm:
description: Specifies whether the security policy logs the request data in the
Statistics screen.
returned: changed
sample: true
type: bool
block:
description: Determines how the system treats requests that match a signature included
in the signature set.
returned: changed
sample: false
type: bool
learn:
description: Specifies if the policy learns all requests that match a signature
that is included in the signature set.
returned: changed
sample: true
type: bool
name:
description: The name of the Signature Set added/removed on an ASM policy.
returned: changed
sample: Cisco Signatures
type: str
policy_name:
description: The name of the ASM policy.
returned: changed
sample: FooPolicy
type: str