Explicit Entities Learning - Never (Wildcard only) vs Selective when building Negative Attack Signature Security policy

Question

Does the setting, "Explicit Entities Learning" (Never (Wildcard only) or Selective) come into play when only using Attack Signatures to build security policy? (All other blocking masks disabled)&nbsp;
If so, what does choosing Never(Wildcard Only) do verses choosing Selective? Is one 'less secure' than the other any why?&nbsp;
thank you&nbsp;

nathe · Answer

mortoj, no Explicit Entities Learning is only for File Types, URLs, Parameters and Cookies. It's all about how you can build a positive security model in ASM. You may be happy to use the Wildcard for URLs but want to further control File Types to the ones that should only be allowed. This setting will mean the ASM can learn the individual elements.&nbsp;
Never means only use the Wildcard. Selective means if there is a violation against, say, a File Type it learns the entity too. With Selective if there is no violation then it doesn't learn the file types. The other option is All all Entities. As it sounds it learns and adds all entities under a wildcard. So, hopefully you can see that Selective is a half way house between Never and All.&nbsp;
Hope this helps,
N&nbsp;

Forum Discussion

Explicit Entities Learning -> Never (Wildcard only) vs Selective when building Negative Attack Signature Security policy

1 Reply

Recent Discussions

ASM instance creation

[ASM] - what is "Browser Challange file" ?

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

Related Content

Wildcard Parameter signature attack

Support of WAF Signature Staging in F5 Distributed Cloud (XC)

Mitigating JSON-based SQL injection with BIG-IP ASM / Advanced WAF Attack Signatures

BoT Defense Profile, Signature Enforcement

Live Update- ASM attack signatures