Hi morten. A pure dynamic learning client creates ineffective rules, duplicate rules and also if you have an infected client you can feed the WAF with security issues. Furthermore in real life scenarios whenever i use dynamic learning clients the ns.logs will fill up with dynamic learning client detecting new rules and whenever the NS tries to add the rule Netscaler will report "Rule Already exisists". Dynamic Learning is not mature yet. Typically what i do is to construct manual WAF Rules because they are more effective than dynamic rules. i.e take a swagger definition and create rules from that, then use knowledge of HTTP, HTML, my SANS Certifications on redteam/blueteam work to implement rules.