[Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

2014-08-19 Thread Wesley Render
Would anyone know if it would be possible to adjust the core rule set configuration file so that only events that have a total inbound score of 5 or higher are sent to the audit log? (Running in Collaborative Detection and Anomaly Scoring & Blocking) Version: SecComponentSignature "OWASP_CRS/2.2.

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

2014-08-20 Thread Josh Amishav-Zlatin
On Wed, Aug 20, 2014 at 6:56 AM, Wesley Render wrote:
> Would anyone know if it would be possible to adjust the core rule set configuration file so that only events that have a total inbound score of 5 or higher are sent to the audit log. (Running in Collaborative Detection and Anomaly Sco

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

2014-08-20 Thread Earl Fogel
I have this problem as well. I also have:
SecDefaultAction "phase:1,pass,nolog,auditlog"
SecDefaultAction "phase:2,pass,nolog,auditlog"
SecAuditEngine RelevantOnly
SecAuditLogRelevantStatus "^(?:5|4(?!04))"
Could that be relevant? How should these be set in collaborative detection mode? Ear

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

2014-08-20 Thread Wesley Render

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

2014-08-25 Thread Wesley Render
When I set it to the following, I get a lot fewer logs coming in. I am confused on how it shou

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

2014-08-27 Thread Ryan Barnett

Re: [Owasp-modsecurity-core-rule-set] inbound_anomaly_score_level - Only send critical events

2014-08-27 Thread Wesley Render