As I think, ASM can block attacks by himself based on many rules and signatures. So my question is what's the objectif of integrated Learning Mode inSecurity Policy ?
@HoussNet , If I enable Staging for Attack signature or any of Entities , I Tell F5 ASM " Do not Block traffic violates this attack signature/or matched entity "
Learning mode is a concept we call it when our service still under testing not on air/or production service for all users , and ofcourse you should enable statging in this mode , to learn traffic without interruption of blocking a legitimate traffic.
you can enable Staging for Entites as way in the process of learning to make F5 not to Block any traffic violates these Entites , and when learning period completes you can enforce " Disable Staging" these Entity , this depends on what the type of learning ( Automatic/Manual) Learning.
I want to say that Staging is one of 3 ways permits/allows traffic that match any of staged entites or attack signatures.
I hope you have gotten it now. Feel free to reach out with me.
Hi @HoussNet , Learning mode in F5 ASM : is only a Concept not an indication that F5 ASM will block or permit malicious traffic. F5 ASM blocks/allows traffic based on :
>Transparent/Blocking mode.
> "Block" option enabled or not under each item in blocking and learning settings page.
> if there Staged entity or not in statging.
So F5 takes block action if you configure : - policy mode : Blocking - enable "block" option under needed items/Entities ( File types , urls , Attack signatures , parameters ...etc.) - disable Staging under needed items ( Attack signature ) or learned Entites ( parameters , filetypes , URLs .... etc and thire Wildcards "*" )
F5 Allow traffic if you change Policy mode to be transparent even it was malicious traffic , this for the whole policy and I think this is option that you Call it Learning mode ". Also If you are in Blocking mode and disabled "block" option under items/Entities which locate in ( Blocking and learning settings Page ) F5 allows any traffic violates (entities/items) , also if you enabled Stagging under each entity, if do not take a block action against it if you configure your policy in blocking mode .. OK !
> I want to say Also F5 can learn entities from traffic in blocking mode , this depend on if you enable "learn" option under each Items/Entites.
> Read this Article to find out more about F5 ASM :
@HoussNet , If I enable Staging for Attack signature or any of Entities , I Tell F5 ASM " Do not Block traffic violates this attack signature/or matched entity "
Learning mode is a concept we call it when our service still under testing not on air/or production service for all users , and ofcourse you should enable statging in this mode , to learn traffic without interruption of blocking a legitimate traffic.
you can enable Staging for Entites as way in the process of learning to make F5 not to Block any traffic violates these Entites , and when learning period completes you can enforce " Disable Staging" these Entity , this depends on what the type of learning ( Automatic/Manual) Learning.
I want to say that Staging is one of 3 ways permits/allows traffic that match any of staged entites or attack signatures.
I hope you have gotten it now. Feel free to reach out with me.
Realistic policies must be created and based on the environment of your organization. Create a backup timetable that works for your agency's needs and workload in any circumstance.
Realistic policies must be created and based on the environment of your organization. Create a backup timetable that works for your agency's needs and workload in any circumstance. I like researching sports history. I searched for an article about that and found this one: https://www.austadiums.com/news/1013/the-biggest-australian-sport-controversies. It gave comprehensive information on the biggest Australian sport controversies. If you're looking for the same information, this post is your best option. You can deepen your understanding by applying the knowledge in this post.
