Forum Discussion
ASM Manual Learning Clarification
Hello
I enabled manual learning for web application (transparent mode). I enabled learning on illegal file, illegal parameter and illegal URL types in block settings. So I should get the learning suggestion for files, parameters and URL.
My question is that to get learning suggestions for url, file types, parameters, is it mandatory to create wildcard for file types, URL and parameters as well OR just enabling learning suggestion is fine?
Hi,
You have 3 level of learning. And in any case you need the wildcard to be present in each entity of the security policy. You can remove the wildcard once you finished building your security policy.
Hi,
You have 3 level of learning. And in any case you need the wildcard to be present in each entity of the security policy. You can remove the wildcard once you finished building your security policy.
- ghost-rider_124NimbostratusI mean, If I do not create wildcard entity then it will not give me learning suggestion?
- If you are talking about the manual learning of entities, so yes you need the wildcard to be present on each entity. It's a feature to discover new urls, parameters, file types, etc.
- It's not the same as enforcement readiness that fine tune suggestions for signatures, lengths, etc.
- Yann_Desmarest_Nacreous
Hi,
You have 3 level of learning. And in any case you need the wildcard to be present in each entity of the security policy. You can remove the wildcard once you finished building your security policy.
- ghost-rider_124NimbostratusI mean, If I do not create wildcard entity then it will not give me learning suggestion?
- Yann_Desmarest_NacreousIf you are talking about the manual learning of entities, so yes you need the wildcard to be present on each entity. It's a feature to discover new urls, parameters, file types, etc.
- Yann_Desmarest_NacreousIt's not the same as enforcement readiness that fine tune suggestions for signatures, lengths, etc.
Hi,
for each entity type, you can define those 3 levels (extract from kb) :
Never (wildcard only) Specifies that when false positives occur, the system suggests relaxing the settings of the wildcard. Selective Applies only to * wildcard entity. Add All Entities Creates a comprehensive whitelist policy that includes all web site entities. This option results in a large, more granular configuration with stricter security. If Policy Builder is running, it adds explicit entities that match a wildcard to the security policy. When the security policy is stable, the * wildcard is removed. If Policy Builder is not running, the system suggests adding explicit entities that match the wildcard.
Recent Discussions
Related Content
* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com