The Learner learns from input, that is, from untrusted sources. To prevent an attacker from polluting the policy by hitting
the website with something automated, thresholds have to be reached before the policy is generated. On top of that, if you
have performed any blocked requests which have been classified as known attack types (DoS, SQL Injection, XSS, etc.), the Learner
will not learn anything from your IP address. The address has been banned and marked as hostile.
To disable IP banning, select "Learn from hostile sources (IPs)" in Services->->->.
The Learner also looks at factors like spread in time, sources and number of hits. In Services->->-> click "help" in the upper right corner to get the relevant section of the manual.
To make the Learner learn from anything, right away, configure it with very low thresholds in Services > Websites
> Settings > Learner.
For example: Consecutive sample status updates: 1, and Learning thresholds all set to 1.
Generate traffic to the site using, for instance, Microsoft Web Application Stress Tool, which is freely available on the MS
web site.
Do not use the generated policy for production unless the test cases used are representative of real life requests. It will almost
always result in false positives when the website proxy meets "real life". We recommend deleting all learned data and letting
Web Security Manager learn from real life requests when it is deployed into the production environment.
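A conceptual model of the gating described above, as an added example that is not Web Security Manager's own code. It shows why normal thresholds keep a single automated client out of the policy and why setting everything to 1 does not. The Thresholds fields, the learn function, the one-minute time buckets and the sample traffic are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Thresholds:            # hypothetical names, not the product's settings
    min_hits: int            # number of hits
    min_sources: int         # distinct source IPs
    min_buckets: int         # spread in time: distinct one-minute buckets

def learn(samples, hostile_ips, th, learn_from_hostile=False):
    """Return the (path, parameter) pairs that pass every threshold.

    samples: iterable of (timestamp_seconds, source_ip, path, parameter)
    """
    seen = {}
    for ts, ip, path, param in samples:
        if ip in hostile_ips and not learn_from_hostile:
            continue         # banned sources contribute nothing
        entry = seen.setdefault((path, param),
                                {"hits": 0, "ips": set(), "buckets": set()})
        entry["hits"] += 1
        entry["ips"].add(ip)
        entry["buckets"].add(ts // 60)
    return {
        key for key, e in seen.items()
        if e["hits"] >= th.min_hits
        and len(e["ips"]) >= th.min_sources
        and len(e["buckets"]) >= th.min_buckets
    }

# Constructed sample traffic (documentation-range addresses).
SAMPLES = [
    # ordinary users: several sources, spread over an hour
    (0, "192.0.2.10", "/login", "user"),
    (900, "192.0.2.11", "/login", "user"),
    (1800, "198.51.100.5", "/login", "user"),
    (2700, "192.0.2.10", "/login", "user"),
    (3600, "198.51.100.6", "/login", "user"),
    # a source already banned for a blocked attack request
    (200, "203.0.113.66", "/admin", "cmd"),
]
# one automated client: 50 hits in 50 seconds from a single address
SAMPLES += [(100 + i, "203.0.113.7", "/search", "debug") for i in range(50)]

HOSTILE = {"203.0.113.66"}
STRICT = Thresholds(min_hits=5, min_sources=3, min_buckets=3)
TEST_MODE = Thresholds(min_hits=1, min_sources=1, min_buckets=1)  # "all set to 1"

if __name__ == "__main__":
    print("strict   :", sorted(learn(SAMPLES, HOSTILE, STRICT)))
    print("test mode:", sorted(learn(SAMPLES, HOSTILE, TEST_MODE)))
```

With the strict values only the /login parameter is learned; with everything set to 1 the single-client /search parameter is learned as well, which is why a policy built this way should not go to production.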