Violation appearing in the event logs but not ASM learning suggestions

Question

Hi,&nbsp;
I've gone through DevCentral so I know similar questions have been asked, but none have the right answer.&nbsp;
When I type this URL: [HTTPS] /en/ty.exe, I get a violation/ support ID for the following:&nbsp;
Detected Violations&nbsp;
Illegal file type [1]&nbsp;
Illegal URL length [1]&nbsp;
Illegal request length [1]&nbsp;
The traffic is quite rightly blocked, but nothing appears within the learning suggestions.&nbsp;
All of the violations are set to learn in the "learning &amp; block settings".&nbsp;
The policy is in manual learning with a &nbsp;
Does everything that appears in the event logs not create a learning suggestion even if you've got it set to do so?&nbsp;
Is this decided by the ASM policy learning speeds? (Fast, enhanced and comprehensive)&nbsp;

&nbsp;

stanislas_piro2 · Answer

In learning page, click on filter / advanced and move the cursor from 5 to 0! &nbsp;
Default learning suggestion under 5% are not displayed!&nbsp;

Forum Discussion

Violation appearing in the event logs but not ASM learning suggestions

1 Reply

Welcome! a la Communidad DevCentral LATAM de F5!

The New F5 Certified BIG-IP Administrator Certification Exams Now Live

Recent Discussions

ASM Sec-CH-UA-Full-Version-List backquote in Header

Scenarios where Service Policy should be used over iRule and Vice versa

Issue on connection limit

Request logging: some fields not recorded

F5 Distributed Cloud Services Simulator Connect

Related Content

No Learning Suggestions But could see Violations in the event logs

Separating False Positives from Legitimate Violations

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

Planning to Upgrade. Please suggest.

F5 ASM | count violation

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS