Citrix Application Delivery Management service

Configure the learning profile

You must configure a learning profile in Citrix ADM and select the Citrix ADC profiles to generate the relaxation rules list. Depending upon the traffic, you can configure profiles on Citrix ADC instances and configure a learning profile in Citrix ADM.

Note

Currently you can configure only 25 profiles.

You can configure learning profiles to generate the relaxation rules list for the selected:

  • Web applications – Enables you to select the application for which you want to create the relaxation rules.

  • Profile names – Enables you to select the WAF profile for which you want to create the relaxation rules.

After you create the learning profile, if Citrix ADC receives no incoming traffic for the configured security checks, you can also configure to remove the relaxation rules from Citrix ADM.

To configure a learning profile:

  1. Navigate to Analytics > Security > WAF Learning > Learn Profiles

  2. Click Add.

    WAF learning

  3. In the Add Profile Configuration page, specify the following parameters:

    1. Learn Profile Name – Specify a name of your choice

    2. Learn Behavior – Select the learn behavior to generate rule, remove rule, or both

      1. Generate Rule – Generates the exception rule and enables the administrator to either deploy or skip.

      2. Remove Rule – Removes the exception rule, when the configured idle time exceeds the threshold.

      3. Both – Generates the exception rules and also removes when there is no incoming traffic

        Note

        • Remove rule option is only supported for Start URL, Deny URL, HTML Cross-Site Scripting, and HTML SQL Injection security checks.

        • When you select Remove Rule option, the supported security checks options are displayed.

    3. Learning Group – Select either Profile Based or Application Based

    4. Select WAF Profile – Click this option and select the required WAF profiles based on applications or profile names.

      WAF profile

    5. Under Security Check, select the security checks options that you want to take action for the violations reported in Citrix ADM. When you select an option, you must provide the following information:

      1. Minimum number of sessions – Specify the sessions. Citrix ADM monitors for the specified sessions to be occurred on the ADC instance to report it in the relaxation list.

      2. Auto Deploy - This option enables the administrators to take an action (deploy or skip). You must specify the grace period (days, hour, and minute format), for which Citrix ADM will hold these violations in the Relaxation Rules list.

        The maximum grace period that you can specify is 30 days.

        Security checks parameters

      3. If you have selected Remove Rule option, specify the Idle Time (Day) in days and hours. After this time period, if Citrix ADC receives no incoming traffic for this security check, the rule is automatically removed.

        By default, the idle time is 7 days, but you can configure this time as no lesser than 23 hours.

    6. On the Notification Settings, select the notification options that you want to get the violations notified. The available notification options are email, SMS, Slack, and ServiceNow.

      After you select the notification options, you can either select from the existing distributed profile or create a profile.

      WAF notification

    7. Select the Enable option. By default, this option is selected. If you disable this option, the profile will not be active.

    8. Click Create.

Configure the learning profile