mm_pen_242283
Oct 22, 2016Nimbostratus
ASM - stopping induvidual learning sugestions
Hi experts.
I noticed that even after the policy has been declared stable (turned into BLOCKING mode by admin), those blocked violations (seen in Event logs) are still being shown (with corresponding hits) in the Manual Traffic Learning section. What is the need for that behavior (since this violation is already confirmed as obvious > enforced) and how can one disable Learning for that specific signature.
Under Attack Signatures Configuration there is no option available for disabling "Learn" on particular signature only. Can this setting only be applied to set of signatures (e.g. Generic...).
To make the long story short; how do you stop individual violations showing in Manual Traffic Learning?
Thank you for your answers!