Forum Discussion
ASM Global and URL Parameters
When initially building the policy using the fundamental policy type for the automatic policy builder, it chose global as the parameter level. I have some parameters in my policy already, but after a while I decided that the URL level would be a better fit for the policy. After switching to URL, I did not see any new parameters being added to the policy. If a parameter has already been identified as global by the policy builder, will it be able to add it at the URL level as well? I don't have much experience with deploying ASM and am trying to get a better feel for what happens when you change settings in the middle of building your policy.
6 Replies
- Hannes_Rapp
Nimbostratus
Just do not change the parameter level setting while the Policy is not yet out of Learning. If you do not want to start the Learning process from scratch, you'll have to wait for the Policy Builder (current Learning process) to finish. Only when the Policy is out of Learning can you proceed by deleting all the learned Parameters and manually redefining them yourself with the new parameter level setting.
As a side note, you do not really have to go as deep as learning all the parameters. My best advice is to not perform wildcards tightening on Parameters initially, and if you later encounter any specific requirements in regards to parameters, you can add a few exceptions. It's better to have a policy with 5 custom Parameters, and one Wildcard parameter instead of a Policy with 500 Parameters and no Wildcard parameter. Despite added complexity, the second option does not add any significant benefit to security but it will certainly add management overhead.
- carolyndiep_163
Nimbostratus
When you say learning mode, are you talking about the traffic policy builder? I tried both ways and didn't get any new URL-level parameters... I turned off policy builder to see if manual learning would pick up any new parameters at a URL level and nothing new came through.
- Hannes_Rapp
Nimbostratus
Can be either. I've modified my initial answer to give you more detail.
- carolyndiep_163
Nimbostratus
I tweaked the policy and was able to get the level of detail that I am looking for, but was curious as to why you said in your initial answer that there are no additional security benefits in having more parameters and no wildcard. I can understand the overhead issue, but having more granular details will allow for granular security controls.
- Hannes_Rapp
Nimbostratus
I believe you're correct and I exaggerated a bit. With that said, you really need the granularity down to individual parameters if there's a lot of (expected) uniqueness across parameter configurations. I find with my customers that unique configurations are needed for a few, up to 5 sensitive parameters, and a generic configuration (wildcard) will suit for the rest. In the end, if you have the time, why not dig deeper... Have a great day!