Does Threat Campaign still uses signatures to block? If so, what is the difference between TC's signatures and the WAF attack signatures? Both combined to greater reduce false positives? Thanks! A Threat Campaign is an attack associated with a specific malicious actor, attack vector, technique or intent. F5 discovers and investigates these attacks.
TC uses rules. WAF signatures are based on generic partner. TC has a set of rules (accurate rules). WAF sig can generate FP, but TC will not due to accuracy of the rules. Hope this help.
Does Threat Campaign still uses signatures to block? If so, what is the difference between TC's signatures and the WAF attack signatures? Both combined to greater reduce false positives? Thanks!
A Threat Campaign is an attack associated with a specific malicious actor, attack vector, technique or intent. F5 discovers and investigates these attacks.
TC uses rules. WAF signatures are based on generic partner. TC has a set of rules (accurate rules). WAF sig can generate FP, but TC will not due to accuracy of the rules. Hope this help.