Objectif of Learning mode in ASM
I am new in F5 ASM,
As I think, ASM can block attacks by himself based on many rules and signatures. So my question is what's the objectif of integrated Learning Mode inSecurity Policy ?
If I enable Staging for Attack signature or any of Entities , I Tell F5 ASM " Do not Block traffic violates this attack signature/or matched entity "
Learning mode is a concept we call it when our service still under testing not on air/or production service for all users , and ofcourse you should enable statging in this mode , to learn traffic without interruption of blocking a legitimate traffic.
you can enable Staging for Entites as way in the process of learning to make F5 not to Block any traffic violates these Entites , and when learning period completes you can enforce " Disable Staging" these Entity , this depends on what the type of learning ( Automatic/Manual) Learning.
I want to say that Staging is one of 3 ways permits/allows traffic that match any of staged entites or attack signatures.
I hope you have gotten it now.
Feel free to reach out with me.