Forum Discussion

K-Dubb
Nimbostratus
May 30, 2019

Can you have too long of an Enforcement Readiness period?

We are currently testing with a 30-day readiness period. The standard recommendation seems to be 7. We have applications that may not have certain pages/functions hit in 7 days, and it may take 30 to even 45 days to see traffic in all parts of the web app. Is this too long of an enforcement readiness period? Do we run the risk of an actual attack, or a suggestion from an actual attack, being lost because of such a long period? For example, say in a 7-day period signature x was not triggered and was therefore ready to be enforced. However, in a 30-day period it was triggered (and it was an actual attack), so it is moved to staging and never enforced in that period.

2 Replies

  • Q: Is this too long of an enforcement readiness period?

    A: The enforcement readiness period should suit your environment, so the literal answer here is no. But as you noted in the remainder of your post, there are certain risks.

    Q: Do we run the risk of an actual attack, or a suggestion from an actual attack, being lost because of such a long period? For example, say in a 7-day period signature x was not triggered and was therefore ready to be enforced. However, in a 30-day period it was triggered (and it was an actual attack), so it is moved to staging and never enforced in that period.

    A: This may depend on whether you're using the automatic policy builder (APB) or not. If you are using APB on production traffic, that will skew the results; ideally you only want to pass known-good traffic through your ASM policy with APB enabled. If you are using manual learning, then you will be manually enforcing suggestions regardless of the readiness period, so you could have the same results between 7 and 30 days, depending on how often you're administering your policy.

    Best,

    Andrew
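To make the scenario in the question concrete, here is an added simulation (example code written for this thread, not F5 code and not something either poster provided). It models the rule the thread is discussing: a signature is "ready to enforce" once it has sat in staging for the whole readiness period without matching traffic; a match while in staging only logs the request and generates a suggestion; and, with manual learning, the administrator can enforce a signature on any day regardless of readiness. The assumption that a hit restarts the staging clock, the signature IDs, the day numbers and the helper names are all chosen for illustration; check the ASM documentation for the exact staging semantics of your version.

```python
"""Simulate how an enforcement readiness period interacts with signature
hits seen during staging.  Added illustration for this thread, not F5 code;
the readiness rule, reset-on-hit behaviour and sample data are assumptions."""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple


@dataclass
class SigState:
    staged_on: int                                  # day staging (re)started
    enforced_on: Optional[int] = None               # day it left staging, if ever
    events: List[Tuple[int, str]] = field(default_factory=list)


def simulate(readiness_days: int,
             hits: Dict[int, List[int]],
             horizon: int,
             manual_enforce: Optional[Dict[int, int]] = None) -> Dict[int, SigState]:
    """hits: signature id -> days on which it matched traffic (constructed data).
    manual_enforce: signature id -> day an administrator enforces it by hand
    (manual learning), regardless of readiness.  All signatures start in
    staging on day 0."""
    manual_enforce = manual_enforce or {}
    states = {sid: SigState(staged_on=0) for sid in hits}
    for day in range(horizon + 1):
        for sid, st in states.items():
            # Manual learning: the admin reviews suggestions and enforces at will.
            if st.enforced_on is None and manual_enforce.get(sid) == day:
                st.enforced_on = day
                st.events.append((day, "enforced-manually"))
            # Readiness rule: a full period in staging with no hit since the
            # staging clock last started.  Assumption: the admin enforces every
            # "ready" signature the day it becomes ready.
            if st.enforced_on is None and day - st.staged_on >= readiness_days:
                st.enforced_on = day
                st.events.append((day, "enforced-ready"))
            # Traffic for the day.
            if day in hits[sid]:
                if st.enforced_on is not None:
                    st.events.append((day, "blocked"))            # policy in blocking mode
                else:
                    st.events.append((day, "logged-in-staging"))  # suggestion only
                    st.staged_on = day   # assumption: a hit restarts the staging clock
    return states


def first_unblocked_attack(st: SigState) -> Optional[int]:
    """Day of the first hit that was only logged, or None if every hit was blocked."""
    for day, ev in st.events:
        if ev == "logged-in-staging":
            return day
    return None


if __name__ == "__main__":
    ATTACK_SIG = 200000001   # constructed id: a real attack trips this signature on day 20
    QUIET_SIG = 200000002    # constructed id: no traffic ever matches this signature
    traffic = {ATTACK_SIG: [20], QUIET_SIG: []}
    runs = (("7-day readiness", 7, None),
            ("30-day readiness", 30, None),
            ("30-day readiness, admin acts on the suggestion", 30, {ATTACK_SIG: 21}))
    for label, period, manual in runs:
        result = simulate(period, traffic, horizon=45, manual_enforce=manual)
        print(label)
        for sid, st in result.items():
            print(f"  sig {sid}: enforced_on={st.enforced_on} events={st.events}")
```

Running it prints three runs over a 45-day horizon: with a 7-day period the signature leaves staging on day 7 and the day-20 hit is blocked; with a 30-day period the same hit is only logged and, because the hit restarts the clock in this model, the signature is still unenforced on day 45; in the third run the administrator acts on the suggestion and enforces it on day 21, which is the point made above about manual learning making the period length matter less than how often the policy is reviewed.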

  • K-Dubb
    Nimbostratus

    This makes sense. We are doing manual learning currently.