MSZ,
When building the ASM policy with Attack Signature protection, it is better to determine the following information about the application you intend to protect.
- OS
- Web Server
- Languages, Frameworks & Application
- DB Servers
After determining theses information, from the "Attack Signature" screen select the corresponding ones. For example:
- OS: Windows
- Web Server: IIS
- Languages, Frameworks & Application: ASP.NET
- DB Servers: MySQL
In this way you will select only Attack Signatures that applies to your application. Doing so will limit the false positive.
Hope it helps
Regards