ASM: Traffic learning - Enforce
Hello, I'm confused about (Manual) Traffic learning in version 12.1.2. The options are only Accept, Delete or Ignore Suggestion. Specific request is not blocked (Legal request) - Action is: "Set Perform Staging to disabled. ...", so if I Accept Suggestion, Staging will be disabled - which I don't want. Is there any option to directly set signature to "Enforce" under Traffic Learning Screen, like it was in previous version (11.6.0)? 12.1.2: 11.6.0: Best regards, Špela
"Have Suggestions" Vs "Ready To Be Enforced"
Hi, I am hoping to clarify my understanding of the 2 categories, "Have Suggestions" and "Ready to be Enforced" on the Enforcement Readiness page for an ASM policy. My thoughts at this stage are that those in "Ready to be Enforced" have not been triggered for the defined period of time and as a result should be able to be enforced with very little likelihood of causing an issue for real traffic. What appears in the "Have Suggestions" category has triggered alarms and each of these items should be individually reviewed to ensure it is a false positive or normal application behaviour (in this case Disable) or if the attempt is malicious that ensure that the rule is enforced. Any clarification of this information would be greatly appreciated. I have a policy with hundreds of 'Ready to Enforced' items and I want to enforce all however I am concerned that my understanding may be incorrect and that this could cause an issue if I enforce these items on the ASM policy. Thank you in advance.
