ASM - Traffic Learning seems to be one way?
Correspondingly, I switched over to "Manual" Policy Building to get more control of the process. If I scan my site with a vulnerability scanner, I get two score signatures that show up under "Traffic Learning". My options appear to be:
Disable, Disable on parameters - If I understand correctly, this will tune the rule as a false positive.
Clear - This will remove the violation from the list, but it'll come right back the next time such traffic goes past.
There's no way to confirm, enable, affirm, whatever. I can't say "Yes, in fact, /WEB-INF/ is bad and don't ask to learn it because it's bad. Never going to be good. Not on the entry list. Make it go away and don't bother me about it."
I don't even know why they keep popping up because I unchecked 'Learn' from all of Policy->Blocking->Settings.
So, specific question: "Isn't there a way to say, 'Hey, that thing you were suspicious of, you were right, go to town on it'?"
General question: "Any pointers for a holistic view of how the spectrum of learning to enforcing works with ASM?"
Any help appreciated!
Thanks,
Greg
P.S. My vuln scanner is Rapid7 and not supported for "Vulnerability Assessments," thus I'm "tuning" by hand.