Forum Discussion
ASM staging in Transparent and Blocking - what is the difference
Hello Piotr,
Transparency applies to the overall security policy. A security policy in transparent mode will never block an illegal request. A security policy in blocking mode can block requests if other conditions are met.
Staging applies to 2 vastly different things: the entities of a web application which have enforceable attributes (such as byte length), or violation rules which can be turned on or off, such as attack signatures. If a violation occurs involving any entity or other rule which is in staging, the request will not be blocked even if the policy is in blocking mode. Transparent mode guarantees that no requests will be blocked.
If you have a complex application, and you need to allow time for ASM to learn the attributes of entities (such as parameters and cookies), and/or you need to allow time for ASM to identify attack signatures which are causing false positives, you use the Enforcement Readiness Period to control how much time to allow for traffic to be observed. During this time, you can assess violations and determine if they are false positives or not.
When you are ready, you can remove entities from staging, one at a time, or as a group, by Enforcing them. This allows you to reduce false positives which harm the user experience. After the default period expires, ASM will designate entities and rules as ready to be enforced. However, you always have the option to Enforce an entity earlier if necessary.
For rules that are in staging, you have the option to Enforce them, which removes staging, or to disable them entirely--at either the policy level, or if they are applied to an entity at a granular level.
Learning will occur as long as a wildcard exists for those entities for which learning attributes is relevant.
The Real Traffic Policy Builder option can automate this process. By using trusted traffic first, many administrators can build a robust policy.
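
An added example, not part of the original reply: a small audit over a policy snapshot that lists what is still in staging and applies the two rules from the answer above (transparent mode never blocks; a staged entity or rule never blocks). The `enforcementMode`, `performStaging` and `enabled` field names follow ASM's iControl REST objects; the snapshot layout, the sample values and the function names are assumptions constructed for this illustration.

```python
# Constructed, simplified policy snapshot (one dict holding three lists).
SAMPLE_POLICY = {
    "name": "example_policy",
    "enforcementMode": "blocking",
    "parameters": [
        {"name": "*", "performStaging": True},
        {"name": "username", "performStaging": False},
    ],
    "cookies": [{"name": "session", "performStaging": True}],
    "signatures": [
        {"name": "sig-A (constructed)", "enabled": True, "performStaging": True},
        {"name": "sig-B (constructed)", "enabled": True, "performStaging": False},
        {"name": "sig-C (constructed)", "enabled": False, "performStaging": True},
    ],
}

def staged_items(policy):
    """Return (kind, name) for every entity or enabled rule still in staging."""
    found = []
    for kind in ("parameters", "cookies", "signatures"):
        for item in policy.get(kind, []):
            if kind == "signatures" and not item.get("enabled", True):
                continue  # a disabled rule raises no violation at all
            if item.get("performStaging"):
                found.append((kind, item["name"]))
    return found

def can_block(policy, kind, name):
    """True if a violation on this item is eligible to block.

    Eligible means blocking mode and not staged; the "other conditions"
    mentioned in the answer are not modeled here.
    """
    if policy["enforcementMode"] != "blocking":
        return False  # transparent mode never blocks
    for item in policy.get(kind, []):
        if item["name"] == name:
            if kind == "signatures" and not item.get("enabled", True):
                return False
            return not item.get("performStaging", False)
    return False  # unknown item: nothing to enforce

if __name__ == "__main__":
    print("mode:", SAMPLE_POLICY["enforcementMode"])
    for kind, name in staged_items(SAMPLE_POLICY):
        print(f"  staged, will not block: {kind}/{name}")
```
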