NimbostratusWe have hundreds of Security Policies deployed (ASM v13.1), so checking all Security Policies for Traffic Learning events via the GUI: Security --> Application Security --> Policy Building --> Traffic Learning is quite annoying. I would prefer a daily report, which shows only those policies with new Traffic Learning entries availaible.
You might want to raise this through Support as a Request for Enhancement (RFE) for due consideration. However, be aware that with the Unified learning frame work added from v12.0, all similar learnt entities are all aggregated to gather anyway, and once you treat each one (accept or ignore), they will no longer show up under learning suggestions.
This might not make much difference if the same suggestions are been generated each day without been treated.
Pretty much, once the noise has been treated they don't come back to clog your systems and any suggestions thereafter will be new from the ones that had been previously treated.
Also, if you are implementing such amount of policies (keyword here is implementing), then you might want to consider Automatic Policy Builder to take the administrative burden off you.
NimbostratusThank you very much. Before we create a support case, we want to check the possibilities with the REST API. Maybe we can map this functionality via the "Leraning Suggestion Object".
You mentioned the "Automatic Policy Builder", are you referring to the option "Learning Mode" here?
Yes, the learning mode determines if you are learning the policy manually, or automatically. Automatically means that you have the Automatic Policy Builder turned on, and will the doing the learning of the data minimal interaction from you.
Feel free to check what options are available to you through the REST API, and you might be able to find an endpoint that works for you, but you will have to investigate this.
The iControl(R) REST API User Guide, Version 13.0.0, should give guidance on this.
