Forum Discussion

Federico_Battag's avatar
Federico_Battag
Icon for Nimbostratus rankNimbostratus
Feb 15, 2013

Staging-Tightening Period

Hi to all,

 

I open this post to ask a clarification on "Staging-Tightening Period" setting, when we create policy ASM.

 

 

In particular:

 

- If I enter a value of 7 days and the policy is created in blocking mode, this means that if during first 7 days traffic violates a signature,

 

it isn't blocked even if the policy is in blocking mode?

 

- If I enter a value of 0 days, this means that the signature immediately pass blocking or which remain in staging?

 

 

From what I see on my ASM seems that the setting of 0 days with policy in blocking means that signatures are always in staging? Can this be?

 

 

But if we set a value of 7 days, we should always go (at the end of 7 days) on tab "Bluilding Policy > Manual> Staging-Thigtening Summary" and click on "Ready to enforce" for signatures? Or they pass automatically in "enforce ready"?

 

 

I ask you a simple explanation of item "Staging-Tightening Period" and how is the operative logic, because for me it's somewhat confused.

 

 

Thanks to those who answer, a greeting

 

APM
app sec
security

1 Reply

Sort By
  • nathe's avatar
    nathe
    Icon for Cirrocumulus rankCirrocumulus
    Feb 15, 2013
    Frederico,

     

    1. If I enter a value of 7 days and the policy is created in blocking mode, this means that if during first 7 days traffic violates a signature, it isn't blocked even if the policy is in blocking mode?

     

    Yes that's true - it will not block but will log a learning suggestion so when the 7 days are over you can enforce all those signatures that have not been triggered and decide what to do (disable them on a parameter for example), if they have been.

     

    2. If I enter a value of 0 days, this means that the signature immediately pass blocking or which remain in staging? From what I see on my ASM seems that the setting of 0 days with policy in blocking means that signatures are always in staging? Can this be?

     

    I'm not sure about this but if 0 is allowed then I would've guessed they would not enter the staging period, so if the action was to block when a signature is triggered then it would block.

     

    Application Security ›› Attack Signatures : Attack Signatures Configuration - here is where you can disable Staging for a Security Policy

     

    3. But if we set a value of 7 days, we should always go (at the end of 7 days) on tab "Bluilding Policy > Manual> Staging-Thigtening Summary" and click on "Ready to enforce" for signatures? Or they pass automatically in "enforce ready"?

     

    They won't automatically be enforced.

     

     

    Hope this is useful,

     

    N