DoS profile Learning Phase

Hi, 
I see that you configure some vectors in fully automatic.. 
My question is > are those vectors in a Mitigate status or ( Detect only/learn only) 
1) If it ( Detect/learn only Status ) the Dos profile will do nothing just will keep leaning and figure it's baseline traffic, and as you said if traffic hit the detection threshold or the floor value ( if floor value larger than detection EPS ) Bigip stops learning.

2) If it ( Mitigate ) Status with fully automatic >>> Bigip will mitigate only under two conditions : 
      i. The Traffic exceeded Detection EPS AND BIGIP sensed/saw there is a huge stress on the backend servers at the same time ( such as high latency coming in server responses )

 So the mitigation doesn't occur if the EPS reached to Detection EPS only, but Mitigation triggers if Detection EPS reached and there is a servers stress/high latency on servers. 
this for Protection/Dos profiles that used to protect virtual servers. 

If you use Device DoS >>> Mitigation Triggers for vector if Detection EPS reached and there are high Spikes/load on BIGIP CPU. 

Just wanted to differentiate between Protection profiles and Device DoS in Automatic mode. 

>>>>>

If you want to start Mitigation after anomaly detection >>> you should configure DOS Vectors on Fully Manual so BIGIP will not consider any stress or high CPU load to start the mitigation, but it triggers the mitigation upon reaching to mitigate thresholds. 

So I think you need to adjust the used DoS vectors from fully Automatic to fully manual to take your expected effect when mitigation EPS reached.

I hope I have given you some insights

Thanks :)