
ASM

----
1. Staging mode: 7 days by default; traffic is not blocked and the system learns
from all of the traffic.
2. Enforcement mode: traffic that causes a violation is blocked.

policy
1. Blocking mode: requests matching an attack signature are blocked.
2. Transparent mode: When you set the enforcement mode to Transparent for a security
policy, the system logs violations but doesn't perform blocking and passes all
traffic through to the application.

create policy
1. Manually: security is managed manually.
2. Automatic: security is managed automatically; after 7 days it moves to enforced mode.

Attack signatures work as a logical AND process

Transparent | Blocking | Staging | Enforcement | Request blocked
     V      |    X     |    X    |      X      |       X
     X      |    V     |    V    |      X      |       X
     X      |    V     |    X    |      V      |       V

Positive security building: deny requests that exceed a particular value


Wildcard entities: allow all (*)
Explicit entities: non-wildcard expressions
BIG-IP v14.0: log masking is enabled by default
Disabling case sensitivity reduces false positives
Disabling "Illegal meta character in value": application requires a strict security
posture
Configuring vulnerability scanners: identify, classify, and report potential
security holes or weaknesses in website code.
ASM sends the default blocking response when a request is blocked because a violation occurred
Disallowing malicious file types: when the file type is dynamic
When ASM triggers a violation, it updates the learning page based on the violating request
Review each learning suggestion and decide whether it is legitimate traffic or not
Storage limit for learning suggestion records: remove the flag after reviewing the violation
Learning suggestions are not synced, and when you upgrade you must accept or clear the
learning suggestions
Tuning based on deployment environment:
1. Deployment: only valid traffic requests; if vulnerability testing is performed, make
sure learning distinguishes the valid traffic
2. Production: possible false-positive traffic or legitimate traffic
Tuning based on violation type and deployment environment
1. Triggered by: Request accesses a file type that is not found in the security
policy.
2. Non-production environment: Accept. This violation typically occurs when new
application resources are added or new technology is adopted in the application.
3. Production environment: Unless these violations occur in conjunction with a new
application update, violations of this type in a production environment are
generally malicious and you should not accept as a learning suggestion or loosen
the policy.

evasion technique detected
