Forum Discussion
2 Replies
Sort By
- Max_Q_factorCirrocumulus
Best practices are a matter of opinion. I think getting the signatures into your policy as quickly as possible is a good practice so automatic would be best for that. BUT, you have to be aware of new or updated signatures causing false positives and leave yourself a long enough staging period to review the learning suggestions in order to not create an issue with the protected resources by enforcing potential false positives and denying regular traffic.
also think about the opposite, signatures that have been changed significantly go to staging. this might mean your expected protection is suddenly different.