NimbostratusI am new to ASM. There are different selections on policy building: automatic, manual, etc. I setup with automatic security policy in a testing environment, which has nobody use it. I realized the policy building stopped. I want to see how this policy building works? Should I run a scanner to simulate the traffic?
Any suggestions are welcome. thanks!!
MVPa scanner is an option, but you could also just click yourself through the website. that will generate more logic traffic then a scanner most likely. or if you have the possibility put it in infront of your internal website and let more traffic through it. just don't put it in blocking yet.
NimbostratusThanks @boneyard. I am working on the sandbox environment, not production. I try to figure out what is the best way to simulate the production traffic. Do you normally have a sandbox testing environment to test out the policies? My understanding is that if I choose "automatic" security policy, ASM will build the security policies on the fly based on the behaviors of the application. But I am not sure if the learning will be different on the REST API? I appreciate for your inputs. Thanks!!
MVPi think a sandbox environment is causing lots of work with if you don't have an easy way to generate the traffic. but in principle if you configure the settings and just click everything once you have what your site consists of. different inputs in fields will complicate matters, but that also depends on how far you want to go with your policy.
an easy way might be some web crawler tool that just goes through your site, but it will not be an actual user effect.
not sure what you mean with the REST API, don't see how that is involved here.