ASM detecting but not blocking the attack
Hello all,
I am using ASM and a Apache Tomcat based web application behind it. I am testing negative security accuracy of the ASM and realized that it is not blocking the attacks even it detects that the request is violating the attack signature.
The security policy is configured in blocking and manual mode. The signature staging is disabled with all available signatures included to the policy.
The issue is once the attack (for example SQL injection) is launched ASM is detecting that the request matches the attack signature and showing it on the Manual Traffic Learning -> Attack signatures detected page. When you go one step further and check the details of the incidents listed under this page you see that ASM is considering the request as legal!
No logs are available under Event Logs tab.
It will be highly appreciated if anyone explains this behaviour. Is it expected or sth like a bug?