Forum Discussion
SSHSSH_97332
Nimbostratus
NimbostratusStaging Meaning
i read about Tightening & Staging
i understood that Tightening is for File types wildcards ( any requests matching the wild cards will be logged and a learning suggestion will be generated )
but what is staging ?
natheCirrocumulus
sshssh
When you update the ASM signatures and if configured to do so, any new and/or updated signatures are placed into Staging mode - the period of which is also configurable. When in Staging any of these signatures that are triggered are not blocked, as would've been otherwise. This is to ensure that for this period you don't get any unwanted false positives due to legitimate traffic being blocked by these new or updated sigs. After the staging period you can then choose to enforce all the attack signatures in Staging that weren't triggered in this period. Ones that have been triggered you can audit to either enforce or to disable on certain parameters or disable altogether.
Hope this helps,
N- SSHSSH_97332Thanks Nathan
- SSHSSH_97332Thanks Nathan
- SSHSSH_97332Thanks Nathan
- SSHSSH_97332Sorry for multiple posts , my browser hanged
Mike_MaherSSHSSH,
Attack Signatures is not the only use for staging, your assumption surrounding tightening in correct for file types, but also applies to URLs and parameters. Staging can also be used within File Types and Parameter as well, you can place individual file types into staging mode in order to learn lengths and the same is true for parameters to learn their values. So basically you can have your policy in blocking mode and still turn on staging for a particular file type or parameter thus allowing you to keep as much security as possible in place.
Mike