ASM staging in Transparent and Blocking - what is difference

Piotr,

If an ASM object(e.g. signature/parameter/URI) is in Staging this means that when the Policy is in Blocking mode any violations relevant to this object will NOT BE BLOCKED.

Staging is useful when your Policy is in Blocking mode, but the we application you are protecting changes and you want to add new URI/Parameters/signatures in such a way without causing a block (basically have a selective transparent mode for that object).

Enforcement Readiness Period is basically a safety catch. It is there to protect you from generating unnecessary Blocks (false positives) by making sure you wait X number of days before you are allowed to click the Enforce button. It is assumed that the duration of the ERP will give you (the ASM Administrator) enough time to analyze the violations, weed out the false positives and tune the policy to minimize them without causing actual blocks and affecting live users.

So after the ERP is over the learning does not stop, you just get a chance to Enforce.

There is NO AUTOMATIC ENFORCEMENT IN ASM. Remember this. Otherwise you will wake up one night by the angry helpdesk calls of people screaming that the application has stopped working in the middle of the night because ASM has started enforcing something and it is causing false positive blocks :)

Enforcement is always manual and it is the ASM Administrator's decision to click on the Enforce button.

Hope this helps,

Sam