I'm trying to validate that my configuration is correct to enable a stress based dos profile in transparent mode. I was reading the documentation from F5 and they did not make it abundantly clear if mitigation is needed to be defined for each one of the analyzed fields (i.e Source IP, Device ID, URL, etc) if I just want the dos mitigation to be behavioral. In the current configuration listed in the image, will this mitigate a stress based dos?
Note the de-escalation period is set extremely quick for testing purposes right now.
Referenced documentation: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-implementations-12-0-0/2.html
Jon, you don't need to select other detection criteria so just Behavioral should work - although i must admit i've not tested this personally. By the way, i think this feature was officially introduced in v12.1, so you might want to reference this article for more information BIG-IP Application Security Manager: Implementations
Hope this helps,