ASM troubleshooting/ policy tuning

Hi All,

 

As I am new to ASM so just want to understand from ASM perspective what all troubleshooting or investigation are needed to done to identify if the violation triggered is false positive or actually an attack. e.g. In case there is sql injection attack then what all parameters I need to check on http response header to isolate if there is any leakage of data (when asm is in learning mode). Similarly wanted to understand what are the practices used by this community to create a robust policy. Any help here will be appreciated as I am struggling with investigation part.

 

Thanks