Forum Discussion

Rise_77519's avatar
Rise_77519
Icon for Nimbostratus rankNimbostratus
Jul 22, 2014

explicit entities learning

Hi, Can anybody briefly explain differentiate against Never (wildcard only), Selective, Add All Entities.I only understand add all entities that it adds entities that match a wildcard. but not exactly understand wildcard only and selective function.

 

thanks,

 

8 Replies

  • Hello Rise,

     

    According to the configuration you have (and the doc) : - if policy builder is activated, the entity will be added if attributes differ from the * (length, characters ...) - if policy builder is not running, you will find the new entity in learning suggestion tab.

     

    Doc Link

     

  • Hi,

     

    for example:

     

    Violation is occur for http://abc.com/test/test_page!!!.html (! -is dissalowed meta character).

     

    When wildcard only: if you apply learning solution "!" will be allowed for all urls.

     

    When selective function: "!" will be allowed for particular url

     

  • Hi Guys, Thanks for the responses.

     

    Vitaly , I could not understand exactly why "!" will be allowed even though it is disallowed character when selection function activated. And when all entities activated on the policy then "!" will be allowed ? Thanks again!!

     

    • Vitaliy_Savrans's avatar
      Vitaliy_Savrans
      Icon for Nacreous rankNacreous
      It will be allowed in case if you accept learning suggestion with allow parameter
  • Ok thanks Vitaliy.

     

    I created a automatic policy but not sure it is starting to block the client traffic.it will block the traffic by consider the enforcement readiness period time that i leave it default value or it consider requests and sessions values in accepted as legitimate and stabilize( tighten ).

     

    Rise,

     

    • Vitaliy_Savrans's avatar
      Vitaliy_Savrans
      Icon for Nacreous rankNacreous
      Policy will block traffic if following criterias are met : - policy is in block mode; - policy entrie is enforced or not in staging mode;
  • hi Vitaly, I indicated that when i created the policy with the add all entities then i see all urls file types and parameters that added to the security policy. But when i created the policy with the selective mode then some parameters and files type are added to the policy. what is the rule that the asm adds entities to security policy for selective - add all entities? Thanks a lot.

     

  • Hi, when i selected the selective mode for the URL in the policy setting I can only see the below wildcard entities that added in my security but while the add all entities selected i can see all url that added in my policy. why asm add the wildcard entities while in selected mode?

    [HTTPS] *   No  Selective   N/A N/A
    [HTTPS] *.[Gg][Ii][Ff]  No  Never (wildcard only)   N/A N/A
    [HTTPS] *.[Ii][Cc][Oo]  No  Never (wildcard only)   N/A N/A
    [HTTPS] *.[Jj][Pp][Gg]  No  Never (wildcard only)   N/A N/A
    [HTTPS] *.[Pp][Nn][Gg]  No  Never (wildcard only)   N/A N/A
    [HTTPS] *.[Ss][Ww][Ff]  No  Never (wildcard only)   N/A N/A