best practices with parameters learning

HELLO

 

if we decide to learn all parameters (add all entities) and have "illegal parameter" ON in traffic learning settings, is there a best practice on which parameters should be learnt?

 

I know that this should be decided by the customer web team, who should know which parameters are important to be protected but....

 

Having hundreds of parameter looks unreasonable in terms of efforts to manage the policy, so could we say we protect only the parameters that:

 

• do not change too often in the application* are considered more prone to attacks -....

also, another question related.....in ASM, an ignored parameter will trigger anyway a violation / log (assuming illegal parameter is selected in alert mode in the traffic learning settings)??

 

we use "add all entities" for parameters and we would like to reduce the footprint of the parameters as too many were learnt by ASM.

 

thanks