Forum Discussion
Hello Hoang,
What version of BIG-IP do you use?
What configuration of "Policy Building Process" on "Security ›› Application Security : Policy Building : Learning and Blocking Settings" do you have?
By default we have some thresholds for learning like e.g. we need to get the same new parameter from 20 different source IPs during specific time period (each new IP during new hour)
If you want to add all entities by yourself automatically via learning, then for this period (DO NOT forget to disable it in production), you need to set "Trusted IP Addresses" to "All IP Addresses" in "Policy Building Process" - in such case entities will be automatically added for each request.
You can find status of learning process on "Security ›› Application Security : Policy Building : Traffic Learning" page.
Thanks, Ivan
Thanks Ivan Chernenkii
Thanks you for respone.
We have see some request in Traffic learning but it not enough. 100%.
How do you do reduce for traffic learnning ==> 100% fast.
Thanks Ivan
- Ivan_ChernenkiiAug 06, 2020Employee
Hello Hoang,
As I see, you use default configuration for "Policy Building Process"
Do you use learning in lab (specifically generated 100% correct traffic) or with real traffic?
If in lab, then just set set "Trusted IP Addresses" to "All IP Addresses" in "Policy Building Process" and it will get 100% after one request
If you use it with real traffic, then I would suggest to wait until you will get 100% with current configuration. It goes slow because you don't have enough untrusted sources (different Client IPs). If you will modify configuration of "Policy Building Process" during real traffic, then incorrect entities can be learned from attacker or bot traffic.
But in general, score is counted in this way - by default we should get request with appropriate entity from 20 different sources (Client IPs) and each new IP is added minimum after 1 hour when previous IP was added. So, currently you have 6 untrusted IPs - 100%/20*6=30%. So, to make it fast you need to reduce number of untrusted source in configuration OR reduce time between adding new source.
Thanks, Ivan
- Hoang_HungAug 07, 2020Cirrus
Thank Ivan
This is response very helpful
Thanks you so much
- Hoang_HungAug 26, 2020Cirrus
Hi
I have a question .
when was parameter auto attach signature ? ( I know i can customize manual attach signature)
After ASM learned parameter with staging No. But I have access it, i can see signatures attached to parmeters
Detail attach picture.
Thank you.
Hung Hoang
- Ivan_ChernenkiiSep 01, 2020Employee
Hoang,
I don't see any overridden signature for learned parameter.
Do you mean when signature is disabled for learned parameter?
Thanks, Ivan