Forum Discussion
NimbostratusASM policy building: How to reduce the amount of entities learned?
As far as i know...
First> no, if you have exact entity and also wildcard that match that entity, explicit one will be used, not wildcard.
Second> If i am right with first answer then no, it will not impact performance since wildcard entity is not used, unless you have thousands of wildcard entities since ASM use memory to store all it can..
You can easily check this, create test parameter and test wildcard parameter matching it. Use different settings, let's say turn off Attack Signature check on explicit parameter and turn it on on wildcard. Try to generate attack, for example add
AltocumulusAs far as i know...
First> no, if you have exact entity and also wildcard that match that entity, explicit one will be used, not wildcard.
Second> If i am right with first answer then no, it will not impact performance since wildcard entity is not used, unless you have thousands of wildcard entities since ASM use memory to store all it can..
You can easily check this, create test parameter and test wildcard parameter matching it. Use different settings, let's say turn off Attack Signature check on explicit parameter and turn it on on wildcard. Try to generate attack, for example add
Javier_124486Thanks Mr. Katic, fair enough. It has complete sense to match the specific one rather than the wildcard (i was thinking in network layer firewalls). Before you replied I tested with some sql instruction and you are right, specific ones were chosen. About the "cleaning" process of the policy i might have to accept that it has to be done manually using the parameters section...well, once i assume it i will start with it. Thanks and have a good day!
