Does anyone have some sample encapsulated assertion or sample policy that they regularly apply when routing requests through SSG. Something which will cover all the threat protection assertions based on content in the message
Hi shinoy.cherayil ,
Choosing a protection assertion is very dependent on your use cases. For example, if your requests have to have the html in the body, then you cannot apply html code injection protection on the request body.
The product document should be a good starting point,
Threat Protection Assertions - CA API Gateway - 9.2 - CA Technologies Documentation