Skip to content

Automatic Learning

About

Automatic Learning is used for TR7 WAF to continue learning processes while in blocking or monitoring mode. The WAF settings of the relevant service are managed by clicking on the edit icon next to the Automatic Learning text.

LOGO

Interface

Automatic Learning Editing Screen

LOGO

Automatic Learning Editing Form

- Collective (AI) Learning

Collective Learning is used to continue automatic learning processes while TR7 WAF is in blocking or monitoring mode. When a path that has not been previously ruled by WAF is added to the application, the relevant requests are automatically taught according to the criteria specified in Collective Learning, based on the period of Collective Learning Frequency.

LOGO

- Collective Learning Frequency

For example, when 30 Minutes (1 Day) is selected, the last day's logs are checked, and a learning check is performed every 30 minutes. If there is a log meeting the criteria, the relevant request is taught after 30 minutes.

- Country Filter

It is selected from which countries the requests that will be included in collective learning will come. For example, only Local Networks and Turkey can be selected for a service that does not receive requests from abroad.

- Only Browsers

Only requests coming from browsers are included in collective learning. For example, requests coming with User-Agents like curl, wget are not included in collective learning.

- Only Valid Domain Names

Only requests coming with valid domain names (URLs) are included in collective learning. For example, requests made to IP:Port are not included in collective learning.

- Skip Blacklist IPs

Requests coming from IP addresses registered in the Blacklist are not included in collective learning.

- Required Requests

The minimum number of requests required for the related path to be taught as a WAF rule is entered.

- Required Clients

The minimum number of different clients required for the related path to be taught as a WAF rule is entered.

- Required Countries

The minimum number of different countries required for the related path to be taught as a WAF rule is entered.

- Required ASN Networks

The minimum number of different ASN networks required for the related path to be taught as a WAF rule is entered.

- Teacher

Selected IP, Cookie, or Header information is considered entirely safe. If requests of users with the specified IP, Cookie, or Header are caught by WAF, these requests are automatically taught according to the selected period. It shortens the learning time and helps reduce the number of false positives.

LOGO

- Teacher IP

Multiple IP addresses can be defined by leaving space between them. A network address like 172.16.101.0/24 can also be written.

- Teacher Cookie

For automatic learning of WAF rules, the content information of the cookie named TR7-LEARN can be entered.

- Teacher Header

For automatic learning of WAF rules, the content information of the header named TR7-LEARN can be entered.

- Teaching Frequency

A period is selected for the application of the rules. If no period is selected, the rules are not taught.

- Edit

Clicking the Edit button saves the changes made