davidfisher
Oct 04, 2022Cirrus
ASM policy building - automatic or manual?
I'm thinking something like such
start with the rapid deployment template.
set learning mode to automatic
add some trusted IPs if possible
enable attack signature recommendation tool
and done in 7 days. .
However, a major issue is many people/customers don't like the automatic building and want it to be done manually.
People don't seem to trust the idea of automatic policy building and feel its going to be "less secure" - do you face this issue?
How do you work around this?
Should I increase the loosen policy settings to make it require more sources to accept the traffic? Maybe 30 sources instead of 20?
The source here only considers the source IP right?