Forum Discussion

ghost-rider_124's avatar
ghost-rider_124
Icon for Nimbostratus rankNimbostratus
Jun 08, 2016

ASM Manual Learning Clarification

Hello

 

I enabled manual learning for web application (transparent mode). I enabled learning on illegal file, illegal parameter and illegal URL types in block settings. So I should get the learning suggestion for files, parameters and URL.

 

My question is that to get learning suggestions for url, file types, parameters, is it mandatory to create wildcard for file types, URL and parameters as well OR just enabling learning suggestion is fine?

 

ASM Advanced WAF
security
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Jun 08, 2016

    Hi,

     

    You have 3 level of learning. And in any case you need the wildcard to be present in each entity of the security policy. You can remove the wildcard once you finished building your security policy.

     

  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 08, 2016

    Hi,

     

    You have 3 level of learning. And in any case you need the wildcard to be present in each entity of the security policy. You can remove the wildcard once you finished building your security policy.

     

    • ghost-rider_124's avatar
      ghost-rider_124
      Icon for Nimbostratus rankNimbostratus
      Jun 08, 2016
      I mean, If I do not create wildcard entity then it will not give me learning suggestion?
    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jun 08, 2016
      If you are talking about the manual learning of entities, so yes you need the wildcard to be present on each entity. It's a feature to discover new urls, parameters, file types, etc.
    • Yann_Desmarest's avatar
      Yann_Desmarest
      Icon for Cirrus rankCirrus
      Jun 08, 2016
      It's not the same as enforcement readiness that fine tune suggestions for signatures, lengths, etc.
  • Yann_Desmarest_'s avatar
    Yann_Desmarest_
    Icon for Nacreous rankNacreous
    Jun 08, 2016

    Hi,

     

    You have 3 level of learning. And in any case you need the wildcard to be present in each entity of the security policy. You can remove the wildcard once you finished building your security policy.

     

    • ghost-rider_124's avatar
      ghost-rider_124
      Icon for Nimbostratus rankNimbostratus
      Jun 08, 2016
      I mean, If I do not create wildcard entity then it will not give me learning suggestion?
    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Jun 08, 2016
      If you are talking about the manual learning of entities, so yes you need the wildcard to be present on each entity. It's a feature to discover new urls, parameters, file types, etc.
    • Yann_Desmarest_'s avatar
      Yann_Desmarest_
      Icon for Nacreous rankNacreous
      Jun 08, 2016
      It's not the same as enforcement readiness that fine tune suggestions for signatures, lengths, etc.
  • Yann_Desmarest's avatar
    Yann_Desmarest
    Icon for Cirrus rankCirrus
    Jun 08, 2016

    Hi,

    for each entity type, you can define those 3 levels (extract from kb) : 

    Never (wildcard only)   Specifies that when false positives occur, the system suggests relaxing the settings of the wildcard.

Selective   Applies only to * wildcard entity. 

Add All Entities    Creates a comprehensive whitelist policy that includes all web site entities. This option results in a large, more granular configuration with stricter security. If Policy Builder is running, it adds explicit entities that match a wildcard to the security policy. When the security policy is stable, the * wildcard is removed. If Policy Builder is not running, the system suggests adding explicit entities that match the wildcard.