For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

schusb's avatar
schusb
Icon for Nimbostratus rankNimbostratus
Apr 11, 2018

Scheduled report for Traffic Learnings

We have hundreds of Security Policies deployed (ASM v13.1), so checking all Security Policies for Traffic Learning events via the GUI: Security --> Application Security --> Policy Building --> Traffi...
ASM Advanced WAF
scheduled reports
security
traffic learning
Romani_2788's avatar
Romani_2788
Historic F5 Account
May 02, 2018

You might want to raise this through Support as a Request for Enhancement (RFE) for due consideration. However, be aware that with the Unified learning frame work added from v12.0, all similar learnt entities are all aggregated to gather anyway, and once you treat each one (accept or ignore), they will no longer show up under learning suggestions.

 

This might not make much difference if the same suggestions are been generated each day without been treated.

 

Pretty much, once the noise has been treated they don't come back to clog your systems and any suggestions thereafter will be new from the ones that had been previously treated.

 

Also, if you are implementing such amount of policies (keyword here is implementing), then you might want to consider Automatic Policy Builder to take the administrative burden off you.

 

Romani_2788's avatar
Romani_2788
Historic F5 Account
May 24, 2018

Yes, the learning mode determines if you are learning the policy manually, or automatically. Automatically means that you have the Automatic Policy Builder turned on, and will the doing the learning of the data minimal interaction from you.

 

Feel free to check what options are available to you through the REST API, and you might be able to find an endpoint that works for you, but you will have to investigate this.

 

The iControl(R) REST API User Guide, Version 13.0.0, should give guidance on this.