NetScaler Console service

Configure the learning profile

You must configure a learning profile in NetScaler Console and select the NetScaler profiles to generate the relaxation rules list. Depending upon the traffic, you can configure profiles on NetScaler instances and configure a learning profile in NetScaler Console.

Note

Currently you can configure only 25 profiles.

You can configure learning profiles to generate the relaxation rules list for the selected:

  • Web applications – Enables you to select the application for which you want to create the relaxation rules.

  • Profile names – Enables you to select the WAF profile for which you want to create the relaxation rules.

After you create the learning profile, if NetScaler receives no incoming traffic for the configured security checks, you can also configure to remove the relaxation rules from NetScaler Console.

To configure a learning profile:

  1. Navigate to Security > WAF Learning > Learn Profiles

  2. Click Add.

    WAF learning

  3. In the Add Profile Configuration page, specify the following parameters:

    1. Learn Profile Name – Specify a name of your choice.

      Select the Enable option. By default, this option is selected. If you disable this option, the profile will not be active.

    2. Learn Behavior – Select the learn behavior to generate rule, remove rule, or both

      1. Learn Rules – Generates the exception rule and enables the administrator to either deploy or skip.

      2. Remove Idle Rules – Removes the exception rule, when the configured idle time exceeds the threshold.

      3. Learn Rules & Remove Idle Rules – Generates the exception rules and also removes when there is no incoming traffic

        Note

        • Remove rule option is only supported for Start URL, Deny URL, HTML Cross-Site Scripting, and HTML SQL Injection security checks.

        • When you select Remove Rule option, the supported security checks options are displayed.

    3. Learning Group – Select either Profile Based or Application Based.

    4. Select WAF Profile – This option is displayed when you select Profile Based. Select the required WAF profiles based on applications or profile names.

      WAF profile

    5. Select Applications - This option is displayed when you select Application Based. Select and add the applications from the list.

    6. Under Security Check, select the security checks options that you want to take action for the violations reported in NetScaler Console. When you select an option, you must provide the following information:

      1. Minimum number of sessions – Specify the sessions. NetScaler Console monitors for the specified sessions to be occurred on the NetScaler instance to report it in the relaxation list.

      2. Auto Deploy - This option enables the administrators to take an action (deploy or skip). You must specify the grace period (days, hour, and minute format), for which NetScaler Console will hold these violations in the Relaxation Rules list.

        The maximum grace period that you can specify is 30 days.

        Security checks parameters

      3. If you have selected Remove Rule option, specify the Idle Time (Day) in days and hours. After this time period, if NetScaler receives no incoming traffic for this security check, the rule is automatically removed.

        By default, the idle time is 7 days, but you can configure this time as no lesser than 23 hours.

    7. On the Notification Settings, select the notification options that you want to get the violations notified. The available notification options are email, SMS, Slack, and ServiceNow.

      After you select the notification options, you can either select from the existing distributed profile or create a profile.

      WAF notification

    8. Click Create.

Configure the learning profile

In this article