ASM Traffic Learning page question

If you click the expand button in the upper right and then all details you should be able to see the request and all the information that you need in the learning screen

Hey Dave, Thanks for replying. I see a maximize button but that does not give me any more details that I can see. See attached. What am I missing?

Actually it looks to me like if the learning score is 100%, it does not show you the details. I have others that have not reached 100% I have all the details for those..

Are you using automatic or manual learning? I saw the same issue for suggestions that were not at 100% and had the same behavior, not sure what it going on there.

Manual. I guess it assumes you don't need to look at details when it is 100% sure :). I suppose in automatic mode they wouldn't even be listed here at all at100%.

I have an ASM that is also v13.1 and is showing the same behavior but the learning score is on 11%. In fact all requests except for a 403 are not showing anything. See pic

I just checked another and sure enough I have some that are the same way. I wonder if it only shows this for certain suggestions? Either way I opened a ticket and will let you know what they say.

Thanks, I am very interested in finding out what this is.

Hi guys,

Traffic learning module has it's limitations. I think it can store 100000 samples across all policies (it used to be like that in v 11.x). So if the samples are gone, they were simply removed because of that limit. So the system shows you there were violations, but they were already removed.

It can be because of 2 reasons.

1 - you are learning many violations - for example "illegal metachar in value" can generate heaps of violations, so that all other violation samples are gone.

2 - there was an attack, maybe a vulnerability scan which again triggered many violations which caused the older samples to be wiped.

Jiri