Traffic learning URL suggestion [HTTP] *.gif / jpg / png since upgrade to 12.1.1
Since we upgraded to version 12.1.1, we have suggestions like these: Action: Add URL Matched HTTP URL: [HTTP] *.gif Action: Add URL Matched HTTP URL: [HTTP] *.jpg Action: Add URL Matched HTTP URL: [HTTP] *.png If policy is case sensitive it looks like that: Action: Add URL Matched HTTP URL: [HTTP] *.[Gg][Ii][Ff] Even though we have URL's which uses wildcard to accept e.g.: /url/*.gif this suggestions come over and over again. I would expect that at least it would tag a matched wildcard, which is not happening. I can for sure ignore it... but I would like to understand why it there and why is it good for. Can anyone explain Cheers St.
ASM exclude geolocation from traffic learning
It would be an awesome feature if it were possible to exclude geolocation countries from the ASM traffic learning, for example only allowing to learn from specific countries. Likewise preventing traffic learning entries to be spoiled with foreign countries. Is there any upcoming release where it would be possible to configure geographic location exclusions in the IP address exclusion section and/or inside the traffic learning settings of ASM?
Using iMacros to Expedite ASM Policy Traffic Learning
Hey Everyone, In the ASM Demo Youtube series, the host uses these iMacros (think a selenium web driver) in order to fire off a bunch of SQL injection and other types of attacks at the site (DVWA) which he is building an ASM policy for. This expedites ASM policy learning among other benefits. My question is relatively simple: While I am building the policy ultimately for my companies own proprietary app, is it possible to build the policy against something like the DVWA where I can use iMacros to speed up the learning and fire a bunch of attacks at it to learn, and then after it has picked up some nuances of attack signatures and things like that, can I then apply the policy to my companies' app and move it off of the DVWA where the iMacros were tested on. Will something like this work? Also, any idea where to download some iMacros that are security oriented (as I am not sure I would be confident in covering all of my bases for different attacks that I would like to have ran against the policy to learn before going live in production, and if there were some scripts already out there (commercial is fine) that would be helpful too! Thanks in advance for any advice! Best, -cmm-
Scheduled report for Traffic Learnings
We have hundreds of Security Policies deployed (ASM v13.1), so checking all Security Policies for Traffic Learning events via the GUI: Security --> Application Security --> Policy Building --> Traffic Learning is quite annoying. I would prefer a daily report, which shows only those policies with new Traffic Learning entries availaible.
ASM: Traffic learning - Enforce
Hello, I'm confused about (Manual) Traffic learning in version 12.1.2. The options are only Accept, Delete or Ignore Suggestion. Specific request is not blocked (Legal request) - Action is: "Set Perform Staging to disabled. ...", so if I Accept Suggestion, Staging will be disabled - which I don't want. Is there any option to directly set signature to "Enforce" under Traffic Learning Screen, like it was in previous version (11.6.0)? 12.1.2: 11.6.0: Best regards, Špela
