Progress of a security policy learning

Question

Hello everybody.&nbsp;
&nbsp;This is my first post in this forum. I have always read its content but I have never write on it, so sorry for my english.&nbsp;
&nbsp;I have worked with the ASM for a short time and I don't know how can I do the followings actions:&nbsp;
&nbsp;1.- I have created a security policy with the rapid deployment for a entire virtual server (with aplications and services). This policy is learning with real traffic on the internet. My doubt is about the progress of this learning. 
&nbsp;A example:  The log policy shows the message:  "Policy Builder determined that security policy "policyxxxxx" is stable" and, after a short period of time, the log shows "Policy Builder determined that security policy "policyxxxxx" is unstable". I would like to know the reason why this is happening. I don´t know when finish the process.&nbsp;
&nbsp;2.- I need ASM analizes the real trafic in order to check if requests include a particular cookie in this case, the security policy allows the access to our web services, but on the contrary the sistem doesn´t allow IT.&nbsp;
&nbsp;Can you help me?&nbsp;
&nbsp;Thank you.&nbsp;
&nbsp;Regards.&nbsp;

imij_38396 · Answer

not a guru, but i will do my best to help -  
&nbsp;  
&nbsp; 1.  there are various tabs for logs.  are you looking at the ASM logs or another log? 
&nbsp; if your looking at the ASM log, what are the recurring violations? 
&nbsp;  
&nbsp; 2. got to ASM &gt; Headers &gt; Cookies &gt; Cookies  
&nbsp; is everything in that section configured correctly? and do you have the explicit and enforced cookies defined?

ido_breger_3805 · Answer

Hi Jose, 
&nbsp; wanted to help you  - I have a few questions: 
&nbsp; 1. Which version do you use? 
&nbsp; 2. Are you running the policy builder with real live internet traffic (it should be run with live traffic) 
&nbsp; 3. Do you know if the protected web application is changing (could it be that someone updated the code of the application?)? 
&nbsp; 4. If I understand you, you would like to allow access to a specific web application based on the presence of a cookie name? what about the cookie value? is it enough to look at the cookie name?

jose_comendador · Answer

Hi Ido, thanks for your interest.&nbsp;
&nbsp;I´m going to answer you in order:&nbsp;
&nbsp;1.- Version 10.2.1
&nbsp;2.- Yes.
&nbsp;3.- No, but I don´t think so.
&nbsp;4.- Yes, I would like to allow access to a specific Web Application based on the presence of a cookie name. But I don´t understand you in the second question. I think is enough with the cookie name.
&nbsp; 
&nbsp;Thank you very much.&nbsp;
&nbsp;Have a nice day.&nbsp;&nbsp;

jose_comendador · Answer

Thanks Imij. I only check the Automatic policy building log (ASM) 
&nbsp;  
&nbsp; Yeah, you are Ok with the point 2. 
&nbsp;  
&nbsp; Have a nice day.

Forum Discussion

Progress of a security policy learning

Recent Discussions

Outlook application issue

Why does WAF block HTTP OPTION method

Rewriting Location Header in iRule

HA Configuration (One in primary and One in DR)

Sending a trusted certificate to server

Related Content

Powering Progressive Deployment in Kubernetes with NGINX and Argo Rollouts

Using ChatGPT for security and introduction of AI security

Parsing tmsh command output with Python TextFSM module and some Lessons learned

Using Distributed Application Security Policies in Secure Multicloud Networking Customer Edge Sites

Community Learning Path: Web Application and API Protection (WAAP)