18-Dec-2022 10:13
Hello Community,
I noticed the below logs appearing in /var/log/asm frequently I am curious to know what could be the reason behind them.
I just want to confirm that I dont have any "Automatic Policy" cofigured.
=================================================
info perl[x]: 01310053:6: ASMConfig change: [update] { audit: component = Policy Builder }
info perl[x]: 01310053:6: ASMConfig change: [add]: IncidentType was set to Access from Malicious or Disallowed source.
================================================
18-Dec-2022 15:42
Hi @Sarah ,
> I think you enable Automatic Learning with one of your policies so you find this Log much , I recommed to review your policies again maybe there is at least one policy has this option enabled by mistake.
> If you find any of your policies enables Automatic Learninng , this is maybe a reason for this Log.
> To know About "the Shape of Automatic policy builder " :
Navigate this Article :
https://techdocs.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-11-5-0/36.h...
Hope this helps you