Forum Discussion
Samir
Feb 16, 2020MVP
It depends on type of application hosted on ASM. But ignore value (2nd option) will be better then first one.
Best way go through traffic learning event logs and analyze it.
- AurelMar 03, 2020Cirrus
Hi,
thanks for your comment. But can you elaborate on why "ignore value" would be the best option ?
Trying to count "Parameter based" signatures, i am getting the 1/3 ratio versus all signatures. Meaning that removing them would remove around 1/3 of the attack signatures.
I can't unfortunately identify what is called "Content signatures" to compare any proportion, and mostly to conclude about each security tradeoff more accurate score.