Forum Discussion

Wasfi_182818
Feb 16, 2016

What's the best way to start the ASM in a manner to achieve security and avoid false positives

Hi;

 

Would starting with the Automatic policy builder with Trusted users only heavily testing the application, then stopping the policy builder after it has built what it needs to build and moving towards a manual mode with staging?

 

Kindly, Wasfi

 

2 Replies

  • There is no way to guarantee the avoidance of false positives. A lot depends on your application and its use.

     

    The "heavily testing by trusted users" should really be every single link/button on the application clicked, every form submitted with all possible allowed permutations of input.

     

    The best policies are always built manually by people who have a good understanding of your application and its behavior. Obviously, that is not always achievable, so your approach would work, followed by a policy tuning process (a process of false positive analysis and removal).

     

    Another good starting point is to use a penetration test report output. If your application was penetration tested by a vulnerability scanner tool supported by ASM, you can import the results to make sure that the vulnerabilities identified are mitigated first.

     

    Here is the URL to ASM Manual: https://support.f5.com/kb/en-us/products/big-ip_asm/manuals/product/asm-getting-started-11-5-0/4.htmlconceptid