ASM Policy Builder..
Hi Everyone,
I am setting up and tunning ASM policy for one application. When i generate SQL injection attack on purpose it is detected on ASM, rated as risk 5, listed in Violations but still rated as legal request and not listed under illegal requests. My policy is on comprehensive level, in blocking mode. Same when i try to trigger response on XSS activity. Generally, almost none of risk rated (1-5) requests are blocked and i have put my policy in blocking mode. Less then 1% of suspicious requests are blocked and listed as illegal requests in Event Log. I am little bit confused with this and need some clarification. If i click learn on each false positive and the accept it, will that make policy treat this type of request legal in future or only this request from that IP in that moment? If status is legal for request in event log but there is risk 1 or 2 if i ignore it and don't do anything i can assume production policy will ALLOW this TYPE of request in future, no need to click learn + accept on each false positive? How can i say to policy builder that some request listed as legal is actually illegal and i want it to block, i only see accept button not option for blocking this type of request in future?
Sorry for bunch of Qs, first policy of mine...
Thank You