Re: FortiWeb Sequenze when Machine Learning enabled
☄ Helpfulby Holy 2019/02/28 04:38:51
I'm using ML in production enviroment with some early adopters of the technology. It seems to me that ML > Signatures, at least for the 7 Threat models currently supported, as far as I know there will be some more to come, even so the recomendation has been to use the ML and on the Web Protection with the parameters which are not currently worked by the ML for example DOS, GeoIP, etc and even disabling the signatures there.
So far even though the configuration for ML is very simple it has not been much of a "Fire and Forget" as you say because there has been some issues for example with the allowed methods it is not learning them correctly at least so far in version 6.0.2 also we have found othet issues, so I'm working on a couple of cases with technical support. Also as it needs to collect so many samples for each parameter/url most of them take too long to get to running state with the boxplots and the intended behavior, but is very promising probably in a few patches it will be like that.