Forum Discussion

crowe's avatar
crowe
Icon for Cirrus rankCirrus
Jun 30, 2020

Re: ASM IP Exceptions

 

  • Hello, the category that seems to be blocking the valid traffic is "Botnets", you would still recommend removing that category? or would I make adjustments on the policy learning section?

 

7 Replies

  • Ivan_Chernenkii's avatar
    Ivan_Chernenkii
    Icon for Employee rankEmployee
    Jun 30, 2020

    Hello Crowe,

     

    Image is not available...

    If these are different IP addresses, but from the same subnet, then you can just add this subnet into Application Security : IP Addresses : IP Address Exceptions and Ignore IP Intelligence for it.

    If these are totally different IP addresses, but all of them are valid - it sounds strange for me, but in this case you can disable the whole category, to not add them one by one as exception via learning.

    If both case aren't good for you, then yes - proceed through the learning.

     

    Thanks, Ivan

  • crowe's avatar
    crowe
    Icon for Cirrus rankCirrus
    Jul 01, 2020

    It is strange indeed as it is always different public IP addresses being blocked, that is why we have ended up with three pages of /32 addresses in the IP exceptions list. Yesterday was the first day in two weeks since I have received a block, I'll give it more time to see if they are consistently the same category. Thank you.

    The image was just the details of what I'm seeing in ASM logs regarding the latest block.

     

  • crowe's avatar
    crowe
    Icon for Cirrus rankCirrus
    Jul 01, 2020

    Unfortuantely, the false positives are coming in under different categories. I just got a new one that is "Windows Exploits - Scanners".