Forum Discussion

Demeter_Luo_168
Sep 06, 2016

ASM - The difference between Real Traffic Policy Builder & Staging & Learn .

Hi All

 

Can anyone tell me specifically about the "difference" and "relationship" between these three configurations?

 

Their configuration paths in the ASM Web GUI:

 

(1) Security ›› Application Security : Policy Building : Settings -> "Real Traffic Policy Builder"

 

(2) Security ›› Application Security : URLs/Attack Signatures Configuration/Parameter .... -> "Perform Staging"

 

(3) Security ›› Application Security : Blocking : Settings -> "Learn"

 

Many Thanks

 

D.Luo

 

  • If an entity in "Blocking : Settings -> Learn" is set to be Learnt, then it will appear in "Manual traffic learning". Any of these can be accepted manually by the user into the policy and will then appear in "allowed url/file type/etc" menu.

     

    The ER menu is about manually activating rules into the policy which have been in a staging period or automatically learnt by the RTPB. If you are in manual mode, they need to be enforced manually by the user. If you select Automatic policy (i.e. the RTPB), they will get enforced once RTPB decides it's time to do it.

     

  • Hello

     

    1) This is the F5 algorithm used in the Automatic DW to learn the Web traffic over 7 days in order to implement the security policy. Before the end of the 7 days the ASM admin still needs to Enforce the rules in the Enforce Readiness tab, otherwise that traffic is not blocked. Enforcement is never automatic, even after 7 days.

     

    2) To prevent a signature from blocking users from accessing your website (even in Blocking mode), it allows a staging period so that the ASM admin can decide if this is a valid signature (and consequently enforce it) or if it is a false positive (and delete it).

     

    3) For each violation you can decide if it can be learnt into an ASM policy (i.e. by being acknowledged first by the ASM admin), alerted or blocked right away.

     

    1 uses 2 and 3, but 2 and 3 can also be used in the Manual Learning process in the Policy DW.

     

    • Demeter_Luo

      Hi Friends

       

      Regarding "Perform Staging" and "Blocking : Settings -> Learn", their learning results are shown separately in “Enforcement Readiness” and “Manual Traffic Learning”.

       

      The question I want to ask is whether the learning suggestions in “Manual Traffic Learning” and “Enforcement Readiness” intersect.

       

      What is the specific difference between the learning suggestions in “Manual Traffic Learning” and those in “Enforcement Readiness”?

       

      Thanks again, D.Luo