Hi KM,
There are quite a few new features in 10.2.0. You might consider upgrading to this version before beginning the policy building:
https://support.f5.com/kb/en-us/products/big-ip_asm/releasenotes/product/relnotes_asm_10_2_0.htmlnew_feat
If the VS's are in production, I'd start with a test VS that isn't accessible by the public. You can then experiment with the ASM and LTM configuration without affecting live traffic.
You could start reading the ASM config guide to learn the basics of configuring and tuning a policy.
https://support.f5.com/kb/en-us/products/big-ip_asm/versions.10_2_0.html
-> BIG-IP Application Security Manager: Getting Started Guide
-> Configuration Guide for BIG-IP Application Security Manager
Aaron