TR7 ASP General WAF Usage

TR7 ASP What is General WAF Usage?

There are 3 basic modes in TR7 ASP WAF. These are Blocking, Learning and Monitor modes. In general use, the WAF is first put into Learning mode. After it is put into Learning mode, it waits in this mode according to the traffic density of the web service. A web service with a lot of traffic may take 3-4 days, while a web service with low traffic may take up to 30 days. In Learning mode, no logs are dropped on the TR7 ASP web interface. All requests made during this period are recorded in the background and used later for Analysis & Learning. After the Learning mode, the rules (path) are taught by doing Analysis & Learning. After learning mode, Monitor mode should be activated. In Monitor mode, the logs are followed with the rules taught to the system. In Monitor mode, requests are not blocked, but their logs can be viewed on the TR7 ASP web interface. This mode is "What would happen if we put it in Blocking mode?" It was designed as an answer to your question. In monitor mode, necessary adjustments are made by following the log for a certain period of time. Monitor mode is continued until it is determined that the incoming logs are real attacks or undesired requests. Finally, it is put into the Blocking mode and undesired requests are blocked within the framework of the real attack and the applied rules.