Forum Discussion
The main difference is that on page 22 the recommendation is to use Automatic Policy Builder, which starts out with the policy in blocking mode, but leaves violations in staging, in order to prevent legal requests from being blocked. "Automatic" in this context means that ASM will move entities (file types, URLs, parameters) out of staging (referred to as "enforced") when the default 7-day period has elapsed, and no violations have been detected. With that in mind, "Manually" in this context means that nothing will happen automatically. When there is a violation, the administrator must review it, and then decide how to handle it.

For example, let's say you have 10 attack signatures in staging. On day 5, one of them gets triggered. In manual mode, you would have to examine the request that triggered that signature and decide whether or not that signature should be enforced. On day 7, you would see suggestions that the 9 signatures which were not triggered are ready to be enforced. The one that was triggered would not be ready to be enforced. In Automatic mode, the nine signatures that were not triggered would be enforced, and the one that was would stay in staging until 7 more days elapse without any more violations.

The relationship between "staging" and "blocking mode" is simple: Any entity that is in staging will never cause a blocked request, even if a violation is triggered.

If you are familiar with the protected app, or you can discuss it with someone who is, then your job is much easier. Otherwise, the recommendation is to allow ASM to do the work for you. Make sense?
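The timeline in the post above, replayed as a small model (an added example, not part of the original post and not ASM's own logic). The names `Entity`, `simulate`, `SIGS` and `EVENTS` are hypothetical, the events are constructed, and the model assumes a violation restarts the 7-day clock in both modes, which the post states only for automatic mode.

```python
from dataclasses import dataclass
from typing import Optional

STAGING_DAYS = 7  # default staging period given in the post


@dataclass
class Entity:
    name: str
    clean_since: int = 0               # day staging (re)started
    enforced_on: Optional[int] = None  # None while still in staging


def simulate(names, violations, days, automatic):
    """Replay `violations` ({day: [entity names]}) against a policy in blocking mode.

    Returns (entities, blocked, suggestions): blocked holds (day, name) for
    requests that were blocked, suggestions maps day -> names ready to enforce.
    """
    entities = {n: Entity(n) for n in names}
    blocked, suggestions = [], {}
    for day in range(days + 1):
        for name in violations.get(day, []):
            e = entities[name]
            if e.enforced_on is None:
                e.clean_since = day          # staged: logged only, clock restarts
            else:
                blocked.append((day, name))  # enforced: request is blocked
        for e in entities.values():
            if e.enforced_on is None and day - e.clean_since >= STAGING_DAYS:
                if automatic:
                    e.enforced_on = day      # automatic mode enforces on its own
                else:
                    # Manual mode: only a suggestion; the administrator decides.
                    suggestions.setdefault(day, []).append(e.name)
    return entities, blocked, suggestions


# Constructed sample data: 10 signatures, sig3 triggered on day 5,
# and a request matching sig1 arriving on day 9.
SIGS = [f"sig{i}" for i in range(1, 11)]
EVENTS = {5: ["sig3"], 9: ["sig1"]}

if __name__ == "__main__":
    for mode in (True, False):
        ents, blocked, sugg = simulate(SIGS, EVENTS, 12, automatic=mode)
        print("automatic" if mode else "manual")
        print("  enforced:", {e.name: e.enforced_on for e in ents.values()})
        print("  blocked:", blocked, " day-7 suggestions:", sugg.get(7, []))
```

In the automatic run the day-5 hit on the staged signature is only logged, while the day-9 hit on an already enforced signature is blocked; in the manual run nothing is ever blocked because nothing leaves staging without the administrator.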