ASM policy building suggestion for dev environment
I setup a dev environment to test out the ASM policies before production migration. My goal is to test out the policy, and in the production and repeat the same steps I am doing below?
I have created the policy with automatic and transparent mode. I realize automatic mode will set to blocking mode by default and I need to manually change to transparent mode. The sales guy told me the policy building will be different and based on the application behaviors? I know I can select automatic or manual mode but I thought automatic is a good start point? I also check all the checkboxes for all the attack signatures.
There is no traffic at all to go through this environment. I have to do the manual browsing of the web application, but I want to ask how long it takes to do the policy learning? I assume policy learning should be real traffic?
I can generate attack payload using web vulnerability scanner, but I don't know if it can help on the policy.
Any suggestions and comments are welcome!! Thanks so much!!