Nokron
WAF F5
NokronGitLabELK stackWAF F5
WAF F5
NokronGitLabELK stackWAF F5
  • BIG-IP Application Security Manager
    • HTTP Protocol
      • Deep Dive to “HTTP Request” on ASM Module
      • ASM Example: Detecting a Malicious HTTP Request
    • Introduction to OWASP Top-10 Security Risks
    • Application Security Policy Templates in F5 ASM
      • Security Policy Levels
      • Explicit Entities Learning
      • Policy Modification
      • Gradual / Modular Blocking
      • Application Security Policy Lifecycle
      • Security Policy Enforcement Modes
      • Security Policy Violation Flags
      • How to Increase Learning Score / Deployment Speed
      • Comparison: Enforcement Mode, Learning Mode, and Violation Flags
    • Security Entities in Application Security Policy
      • Enforcement Readiness Summary
      • HTTP / HTTPS / WS / WSS URLs
      • Allowed Parameters in Security Policies
      • Allowed File Types in Security Policies
    • Tuning Security Policies: Analyzing and Categorizing Violations
      • Learning Suggestions in Security Policy Tuning
      • Policy Diff: Comparing and Auditing Security Policies
    • IP Address Exception Properties in ASM/AWAF
    • Cross-Site Request Forgery (CSRF) Protection in F5 ASM/AWAF
    • Sensitive Data Masking / Scrubbing (Data Guard) in F5 ASM/AWAF
    • Anti-virus Protection through an ICAP Server in F5 ASM/AWAF
    • Cookies in F5 ASM/AWAF Security
    • Session Tracking and Session Awareness in F5 ASM/AWAF
    • Evasion Technique Detection in F5 ASM/AWAF
    • Important Tips about Security Policy in F5 ASM/AWAF
    • L7 DDoS Attack Protection Configuration
    • TPS-based Attack Vectors and Stress-based Attack Vectors
    • Mitigation Techniques for DoS and Bot Protection
    • Important Tips about Events Logging
    • High-Speed Logging (HSL) Configuration
    • Web Threat Campaigns (v14.0+)
    • IP Intelligence (IPI) Subscription-Based License
    • Geo-IP Database Functionality
    • General Security Standards and WAF Support
    • ASM - Virtual Edition (VE) Tips
    • How to Bypass ASM Module
    • ASM Traffic Processing Daemon (bd)
    • ASM and AAM Integration
  • BIG-IP LTM Technology
    • Source IP Address and PORT Translation in BIG-IP
    • Packet Filters
    • Traffic / Service Profiles in BIG-IP
    • Virtual Servers and Their Behavior with Different Profiles in BIG-IP
      • Detailed Overview of Profiles in BIG-IP LTM
      • Optimizing for Mobile Clients in BIG-IP LTM
      • Connection Mirroring in BIG-IP LTM
      • AVR (Analytics) Profile in BIG-IP LTM
      • Health Monitoring in BIG-IP LTM
      • SSL Profile in BIG-IP LTM
      • Load-balancing Methods in BIG-IP LTM
      • Persistence Profile in BIG-IP
      • CMP vs. SMP in BIG-IP Systems
      • OneConnect Profile in BIG-IP
Powered by GitBook
On this page
  1. BIG-IP Application Security Manager
  2. Application Security Policy Templates in F5 ASM

How to Increase Learning Score / Deployment Speed

The Learning Score is a percentage that reflects the progress of the policy-building process for specific entities or items in the security policy. This score helps administrators track how well the ASM/AWAF system understands application behavior.

Key Factors Affecting Learning Score

  1. Violation Assignment and Correlation:

    • Each violation is assigned a percentage value to indicate its learning progress.

    • The Correlation Engine processes traffic patterns and generates learning suggestions.

  2. Session Tracking:

    • ASM/AWAF records detailed session data over time for the web application.

    • Learning scores are updated based on these session details.

  3. Staging Status:

    • Entities or violations in Staging Mode contribute to learning scores as the system observes traffic behavior without enforcing blocking.

  4. Parameters of the Learning Algorithm:

    • The time required for a violation to reach 100% learning score depends on:

      • Traffic Volume: Higher traffic speeds up the learning process.

      • Entity Staging Time: Entities in staging require longer observation periods.

      • Trustworthiness of IPs:

        • Requests from Untrusted IPs progress slowly as they require more samples.

        • Adding an IP to the Trusted List accelerates learning progress for requests from that IP.

Strategies to Increase Learning Score / Deployment Speed

  1. Optimize IP Trust Levels:

    • Identify legitimate sources of traffic and add them to the Trusted IP list.

    • Reduces the sample requirement for learning progress.

  2. Increase Traffic Volume:

    • Ensure the application is actively receiving diverse and legitimate requests.

    • Simulate traffic in controlled environments for faster sampling.

  3. Adjust Staging Time:

    • Minimize staging time for low-risk entities while observing high-risk entities longer.

    • Shorter staging durations speed up enforcement readiness.

  4. Refine the Learning Algorithm:

    • Focus on specific entities or violations with slower progress by adjusting:

      • Sampling thresholds.

      • Learning score weightings for critical entities.

  5. Select an Appropriate Learning Speed:

    • Use Fast Learning Mode in environments with low traffic and low risk.

    • Choose Medium or Slow Mode in high-traffic or high-risk scenarios to reduce inaccuracies.

PreviousSecurity Policy Violation FlagsNextComparison: Enforcement Mode, Learning Mode, and Violation Flags

Last updated 3 months ago