"Have Suggestions" Vs "Ready To Be Enforced"
Hi, I am hoping to clarify my understanding of the 2 categories, "Have Suggestions" and "Ready to be Enforced" on the Enforcement Readiness page for an ASM policy. My thoughts at this stage are that those in "Ready to be Enforced" have not been triggered for the defined period of time and as a result should be able to be enforced with very little likelihood of causing an issue for real traffic. What appears in the "Have Suggestions" category has triggered alarms and each of these items should be individually reviewed to ensure it is a false positive or normal application behaviour (in this case Disable) or if the attempt is malicious that ensure that the rule is enforced. Any clarification of this information would be greatly appreciated. I have a policy with hundreds of 'Ready to Enforced' items and I want to enforce all however I am concerned that my understanding may be incorrect and that this could cause an issue if I enforce these items on the ASM policy. Thank you in advance.
ASM Signature Blocking, but not Enabled?
So I get a user ticket that says the user was blocked on the Application dir Access (\manage) signature. When I go to disable this attack signature on the parameter, it's not listed in the Global Security Policy Settings....So after some investigation I went to Manual Traffic Learning and found this signature listed, but not enforced yet... So my question is how did this user get blocked on a signature that hadn't been enforced or enabled yet? Granted the Policy itself is in Blocking Mode....??? Another Question is why did this signature not appear in the Global Security Policy Settings..??