On 2/13/12 4:56 PM, "Christian Bockermann" <[email protected]> wrote: > > (3) Usage Statistics > > Ryan once provided the idea of gathering usage statistics on rules. >Some central > place to simply collect "the hits for rule X", "the average TX-score >per request" > or the like. > Would anyone be interested in sharing such data if a central place >would exist? > > I shortly discussed the option to include some >"report-false-positive" button > into the AuditConsole. That might e.g. send a report including an >obfuscated audit > event to the false-positive-report-mailing list. > Would anyone use such a thing? > What kind of information is one willing to provide? > > If there is a requirement of having a central place/application to >gather such > information, I'd be interested to come to assistance.
I would love to have a more automated method of gathering rule statistics and accuracy issues. As I mentioned, users can currently either send an email to the [email protected] mailing list or create a JIRA ticket. We created the mail-list because we figured it would be easier for someone to shoot off an email rather having to log into JIRA and create a ticket. I am open to any ideas that the community has for better identifying how rules work and any false positives. -Ryan This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is STRICTLY PROHIBITED. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. _______________________________________________ Owasp-modsecurity-core-rule-set mailing list [email protected] https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
