zeropixel_23561
Dec 25, 2015

ASM policy building suggestion for dev environment

I set up a dev environment to test out the ASM policies before production migration. My goal is to test out the policy and then, in production, repeat the same steps I am doing below?

 

I have created the policy with automatic and transparent mode. I realize automatic mode will set to blocking mode by default and I need to manually change to transparent mode. The sales guy told me the policy building will be different and based on the application behaviors? I know I can select automatic or manual mode but I thought automatic is a good starting point? I also checked all the checkboxes for all the attack signatures.

 

There is no traffic at all going through this environment. I have to do the manual browsing of the web application, but I want to ask how long it takes to do the policy learning? I assume policy learning should be real traffic?

 

I can generate attack payloads using a web vulnerability scanner, but I don't know if it can help with the policy.

 

Any suggestions and comments are welcome!! Thanks so much!!

 

1 Reply

  • "I realize automatic mode will set to blocking mode by default and I need to manually change to transparent mode"

     

    You can start with the automatic learning process while in Transparent mode. I'd start with prod, and then move to dev. If you do not know exactly what you want to block with ASM, for your very first implementation I recommend evaluating the Manual Traffic Learning section over a period of one week. Some knowledge about the protected application could do no harm. You may want to collaborate with application specialists to gain better results.