K-Dubb
May 30, 2019Nimbostratus
Can you have too long of an Enforcement Readiness period?
We are currently testing with a 30 day readiness period. The standard recommended seems to be 7. We have applications that may not have certain pages/functions hit in 7 days, and it may take 30 to even 45 days to see traffic in all parts of the web app. Is this too long of an enforcement readiness period? Do we run the risk of an actual attack or suggestion from an actual attack being lost because of such a long period? For example, say in a 7 day period signature x was not triggered and therefore ready to be enforced. However, in a 30 day period it was (yet it was an actual attack), so then it is moved to staging and never enforced in that period.