The Application Security Manager™ provides application-ready security policies, which are baseline templates, for the following enterprise applications:
By using an application-ready template, your organization can quickly create a security policy designed to secure that specific web application. It is a fixed policy that only changes if you decide to adjust it manually or configure additional security features.
After you create a security policy, the system provides learning suggestions concerning additions to the security policy based on the traffic that is accessing the application. For example, you can have users or testers browse the web application. By analyzing the traffic to and from the application, Application Security Manager™ generates learning suggestions or ways to fine-tune the security policy to better suit the traffic and secure the application.
| Action | What happens |
|---|---|
| Accept Suggestion | The system modifies the policy by taking the suggested action, such as adding an entity that is legitimate. If the entity that triggered the suggestion can be placed in staging (file types, URLs, parameters, cookies, or redirection domains), clicking Accept Suggestion displays a second option, Accept suggestion and enable staging on Matched <entity>. Click this option to accept the suggestion and place the matched entity in staging. |
| Delete Suggestion | The system removes the learning suggestion, but the suggestion reoccurs if new requests cause it. The learning score of the suggestion starts over from zero in that case. |
| Ignore Suggestion | The system does not change the policy and stops showing this suggestion on the Traffic Learning screen now and in the future. You can view ignored suggestions by filtering by status ignored. |
| Leave the suggestion | You can read the suggestions and wait to handle them until more traffic has passed through, or until you get more information. The suggestion remains in the list and no changes are made to the policy. |
If you know that a suggestion is valid, you can accept it at any time, even before its learning score reaches 100%. Suggestions that reach 100% have met all the conditions, so they are probably legitimate entities.
| Option | What happens when selected |
|---|---|
| Learn | The system generates learning suggestions for requests that trigger the violation. Learning suggestions are not generated for requests that return HTTP responses with 400 or 404 status codes. |
| Alarm | The system marks requests that trigger the violation as illegal. The system also records illegal requests in the Charts screen, the system log (/var/log/asm), and possibly in local or remote logs (depending on the settings of the logging profile). |
| Block | The system blocks requests that trigger the violation when (1) the security policy is in the blocking enforcement mode, (2) a violation occurs, and (3) the entity is enforced. The system sends the blocking response page (containing a Support ID to identify the request) to the client. |