cancel
Showing results for 
Search instead for 
Did you mean: 

ASM Child policies can't accept asm events

JWhitesPro_1928
Cirrostratus
Cirrostratus

"This action is disabled for security policies with parent policy." - When you go to accept an event in ASM...

 

Is there a way to disable this so that I can accept the event...if there is not then I do not see the point of child policies...

 

2 REPLIES 2

Erik_Novak
F5 Employee
F5 Employee

Most likely what has happened is that the inheritance setting for the suggestion you cannot accept from the child is "mandatory." This means that the violation needs to reach a learning score above 50 percent before it will appear in the parent policy. Can you try changing the inheritance rule from "mandatory" to "optional" and then accept the suggestion from the child?

 

kaizen
Altocumulus
Altocumulus

I have the same issue. I used a parent policy so that we can have "layered security" and not to do some settings repeatedly. It seemed a good idea in the beginning but now it seems it makes things more difficult.

My child policy is with all inheretance either none or optional but still accept is greyed out for some false positive violations. What is the best way to fix this? Manual configuration of parameters and settings for each violation which needs to be allowed seems tedious..

How can I check for the triggered violations what is the learning score (from the Application requests event log)?