Violation appearing in the event logs but not ASM learning suggestions
I've gone through DevCentral so I know similar questions have been asked, but none have the right answer.
When I type this URL: [HTTPS] /en/ty.exe, I get a violation/ support ID for the following:
Illegal file type 
Illegal URL length 
Illegal request length 
The traffic is quite rightly blocked, but nothing appears within the learning suggestions.
All of the violations are set to learn in the "learning & block settings".
The policy is in manual learning with a
Does everything that appears in the event logs not create a learning suggestion even if you've got it set to do so?
Is this decided by the ASM policy learning speeds? (Fast, enhanced and comprehensive)