ADC

Bot signature auto update

The bot static signature technique uses a signature lookup table containing a list of good and bad bots. Bots are categorized by user-agent string and domain name. If the user-agent string and domain name in incoming bot traffic match a value in the lookup table, the configured bot action is applied. The bot signature updates are hosted on the AWS cloud, and the signature lookup table communicates with the AWS database for signature updates. The auto signature update scheduler runs every hour to check the AWS database and update the signature table in the NetScaler appliance.

The signature auto update URL to configure is: https://nsbotsignatures.s3.amazonaws.com/BotSignatureMapping.json

Note:

You can also configure a proxy server and periodically update signatures from the AWS cloud to the appliance through the proxy. For proxy configuration, you must set the proxy IP address and port in the bot settings.

How bot signature auto update works

The following diagram shows how the bot signatures are retrieved from the AWS cloud, updated on NetScaler, and viewed on NetScaler Console for signature update summary.

Bot signature auto update

The bot signature auto-update scheduler does the following:

  1. Retrieves the mapping file from the AWS URI.
  2. Compares the latest signatures in the mapping file with the existing signatures in the ADC appliance.
  3. Downloads the new signatures from AWS and verifies the signature integrity.
  4. Updates the existing bot signatures with the new signatures in the bot signature file.
  5. Generates an SNMP alert and sends the signature update summary to NetScaler Console.
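
The scheduler steps above, sketched as an added example (this is not NetScaler code). The mapping field names, the use of a SHA-256 digest for the integrity check, and the `download` callable are assumptions made for illustration; the page does not describe the mapping file schema or how integrity is verified.

```python
import hashlib
import hmac
import json

# Constructed sample data. Field names ("version", "file", "sha256") are
# hypothetical and do not reflect the real BotSignatureMapping.json schema.
NEW_SIGS = b'{"bad_bots": ["ExampleScraper/1.0"]}'
MAPPING = json.dumps({
    "version": 7,
    "file": "bot_signatures_v7.json",
    "sha256": hashlib.sha256(NEW_SIGS).hexdigest(),
})


def parse_mapping(raw):
    """Step 1: parse the retrieved mapping file and validate its fields."""
    doc = json.loads(raw)
    if (not isinstance(doc, dict)
            or not isinstance(doc.get("version"), int)
            or not isinstance(doc.get("file"), str)
            or not isinstance(doc.get("sha256"), str)):
        raise ValueError("malformed mapping file")
    return doc


def run_update(installed_version, mapping_raw, download):
    """Steps 2-5: compare, download, verify, apply; returns a summary dict.

    `download` is a callable standing in for the HTTPS fetch (assumption),
    so the sketch runs offline.
    """
    mapping = parse_mapping(mapping_raw)
    # Step 2: nothing to do when the appliance is already current. Refusing
    # older versions also prevents a rollback to a stale signature set.
    if mapping["version"] <= installed_version:
        return {"status": "up-to-date", "version": installed_version}
    # Step 3: download, then verify integrity before touching the live table.
    blob = download(mapping["file"])
    digest = hashlib.sha256(blob).hexdigest()
    if not hmac.compare_digest(digest, mapping["sha256"]):
        # A failed check leaves the existing signatures in place.
        return {"status": "integrity-failure", "version": installed_version}
    # Step 4: apply. Step 5: this summary is what an alert or report would carry.
    return {"status": "updated", "version": mapping["version"],
            "signatures": json.loads(blob)}
```

A digest delivered over the same channel as the file detects corruption or a partial download through the proxy, not a compromised source; that requires a signature checked against a key already held by the appliance.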

Configure bot signature auto update

For configuring bot signature auto update, complete the following steps:

Enable bot signature auto update

You must enable the auto update option in the bot settings on the ADC appliance. At the command prompt, type:

set bot settings -signatureAutoUpdate ON

Configure proxy server settings (optional)

If you are accessing the AWS signature database through a proxy server, you must configure the proxy server and port. At the command prompt, type:

set bot settings -proxyserver <proxy_server_IP> -proxyport <proxy_port>

Example:

set bot settings -proxyserver 1.1.1.1 -proxyport 1356

Configure bot signature auto update using the NetScaler GUI

Complete the following steps to configure bot signature auto update:

  1. Navigate to Security > NetScaler Bot Management.
  2. In the details pane, under Settings click Change NetScaler Bot Management Settings.
  3. In the Configure NetScaler Bot Management Settings, select the Auto Update Signature checkbox.
  4. Click OK and Close.