Re: [Owasp-modsecurity-core-rule-set] crs against brute force not working

Have you enabled the debug log for your test connections and reviewed the logs? Ryan Barnett Senior Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com From: Sabin Ranjit mailto:think.sa...@gmail.com>> Date: Tuesday, August 26, 2

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

Wesley, What exactly are you trying to achieve here? Ryan Barnett Senior Lead Security Researcher, SpiderLabs Trustwave | SMART SECURITY ON DEMAND www.trustwave.com On 8/25/14 6:20 PM, "Wesley Render" wrote: >I was just wanting to follow up. Is anyone able to co

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

I am trying to send only correlated events that are Total Inbound 5+ to mlogc. When I set the SecDefaultAction for phase1 and phase2 to "pass,log" or to "nolog,auditlog" it seems to send all events, even ones that are under TX 5 to the mlogc. When I set it to "pass,nolog" it seems to only send e