Forum Discussion
hooleylist
Aug 16, 2012Cirrostratus
Hi Greg,
For some policy components (file types, URLs and flows), you can ignore individual learning suggestions:
ASM | Policy Building | Ignored Entities
This screen displays the number of ignored security policy entities for the current edited security policy selected.
You can create an ignored entity by deleting file types, URLs, or flows from the Learning tables. The system ignores these deleted items and does not generate learning suggestions for them.
You cannot currently disable learning for a specific attack signature. You should be able to disable learning suggestions for all signatures in a signature set though. If you wanted to tinker a bit, you could move the attack sig(s) you never want to get learning for into a separate attack sig set with learning disabled.
The ASM config guide goes over policy building using the Learning tool:
Manual Chapter: Refining the Security Policy Using Learning
https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-config-11-2-0/asm_learning.html
Aaron