Violation appearing in the event logs but not ASM learning suggestions

Question

Hi,&nbsp;
I've gone through DevCentral so I know similar questions have been asked, but none have the right answer.&nbsp;
When I type this URL: [HTTPS] /en/ty.exe, I get a violation/ support ID for the following:&nbsp;
Detected Violations&nbsp;
Illegal file type [1]&nbsp;
Illegal URL length [1]&nbsp;
Illegal request length [1]&nbsp;
The traffic is quite rightly blocked, but nothing appears within the learning suggestions.&nbsp;
All of the violations are set to learn in the "learning &amp; block settings".&nbsp;
The policy is in manual learning with a &nbsp;
Does everything that appears in the event logs not create a learning suggestion even if you've got it set to do so?&nbsp;
Is this decided by the ASM policy learning speeds? (Fast, enhanced and comprehensive)&nbsp;

&nbsp;

stanislas_piro2 · Answer

In learning page, click on filter / advanced and move the cursor from 5 to 0! &nbsp;
Default learning suggestion under 5% are not displayed!&nbsp;

Forum Discussion

Violation appearing in the event logs but not ASM learning suggestions

1 Reply

Recent Discussions

[ASM] - HTML5 Cross-Domain Request Enforcement - CLI command

Reverse Proxy Not Behaving

Stable Firmware for F5

F5 VE in Azure - troubles with Sentinel integration

Need help on i-rule to specific uri path

Related Content

No Learning Suggestions But could see Violations in the event logs

Rate limiting GraphQL API query using iRule and Advanced WAF Violation

WAF meta character violation not appearing

Separating False Positives from Legitimate Violations

AWAF - Do not log Geolocation violations from the Event Log