1. Security Model
2. Policy Types
3. Entities
4. Data Guard
5. Rapid Deployment Policy
6. IP Address Exception
7. Policy Properties
8. Policy Tuning Detailed
Security Models
• Best Practice :- Use both and try to bridge the gap between them.
Positive Security Model
Signature Staging Enforcement
Readiness Period
• Learning Modes :- How ASM handles the policy building process
3. Disable :- ASM does not create any learning suggestions.
• Enforcement Mode :- Specifies how the system processes a request
that triggers a security policy violation.
• Passive Deployment Policy :- In passive mode, ASM analyzes a copy of the traffic but does
not modify it. It cannot enforce any actions, but can log events and display reports. This method is
non-intrusive. The use case for this is customers evaluating our products with minimal risk, no performance
impact, and in need of quick deployment. A policy based on the Passive Deployment Template is
recommended in this scenario because it cannot impact traffic.
• API Security Policy :- The API protection you deploy with this solution is a basic generic
policy and is set up in transparent mode. It will start out with a large set of signatures from the API
Security template.
Auto L7 Policy
• "text/..."
• "application/x-shockwave-flash"
• "application/sgml"
• "application/x-javascript"
• "application/xml"
• "application/x-asp"
• "application/x-aspx"
• "application/xhtml+xml"
• You can configure one additional user-defined response content-type using the system variable
user_defined_accum_type. If response logging is enabled, these responses can also be logged.
• When adding URLs, you can type either explicit (/index.html) or
wildcard (*xyz.html) URLs.
• To never block traffic from this IP address, select Never block this
IP Address.
• To always block traffic from this IP address, select Always block this
IP.
Violations
• File Types
• URL
• Redirect domain
• Parameters
• Cookies
• Headers
Item Violation
Rating Definitions
5 Definitely a Threat
Legal and illegal Triggered Violations Request
illegal Request
Blocked Request
Staging and Enforcement Modes
• Staging :- Allows ASM to build a list of false positives without
dropping any packets.
• Time period during which ASM inspects traffic flowing through the ASM module for
that policy which is in the readiness period.
• Default is 7 Days.
• Accept Suggestion :- Accepts the suggestion and adds the
suggested parameter to the policy.
• Ignore :- Ignores the current suggestion and does not show the same
matching suggestion again under traffic learning.
• Delete :- Deletes the suggestion from the current list, but the same
suggestion can appear again if there is a match.
Parameters Flags
• Alarm :- ASM generates an alarm and a log entry if there is a match with the
parameters.
• From the Event Logs page we can accept a request without even
reviewing it on the learning page. There are 3 options available
with each request.
• 1. Delete Request :- Deletes the specific request from the event log page.
• 2. Export Request :- Exports the request details.
• 3. Accept Request :- Accepts the request, and whatever suggestion exists
for it on the traffic learning page is accepted.
The same can be seen on the enforcement readiness summary page.