hi all i am new to csa . i am having a doubt abt the learn mode.
as per the documentation in learn mode when the rules in the policies having the action as query the user. in learn mode rather than querying the user it allows the action as query response.
my doubt is what abt the rules in which the deny action is set . will this rule be implemented when it is learn mode.
like in test mode even though the actions of the rules are set to deny it will still permit the action and log the event.
is this the same behaviour in learn mode.
or the learn mode only pertains to the rules with query the user as their
can someone pls clear this doubt.