Forum Discussion

jay_41195's avatar
jay_41195
Icon for Nimbostratus rankNimbostratus
Apr 10, 2018

ASM automatic learning policy

Hi   I am building a security policy via Automatic learning and have a few questions as the documentation confuses me.   In traffic learning there is a list of suggestions as per screenshot, f...
application delivery
ASM Advanced WAF
security
BinaryCanary_19's avatar
BinaryCanary_19
Historic F5 Account
Apr 11, 2018

Yes, when it gets to 100%, the actions shown will be taken, that is to enable Alarm and Block on that violation.

 

Staging is not relevant here (failed to convert character) because staging is not a property of Violations -- it applies to URLs, Attack Signatures, parameters etc, so that is not affected.

 

A way to interpret that particular learning suggestion is that the system is seeing traffic that isn't triggering that violation, so it is 50% sure that it is safe to enable blocking and alarming (more so if you look at the event logs and you don't see any requests that are flagged with this violation).

 

jay_41195's avatar
jay_41195
Icon for Nimbostratus rankNimbostratus
Apr 17, 2018

OK thanks for that analogy, makes more sense, the online documentation is not that clear. SO the higher the score then it is safer to accept it or in case of auto learning ASM will accept it when it reaches 100%? Yes I cant see any requests in logs that flag this violation but what does it mean when it says "512 requests triggered this suggestion" in Security ›› Application Security : Policy Building : Traffic Learning for the "failed to convert character" violation.