We started with anomaly scoring and then slowly adjusted the thresholds. The thresholds should be equivalent to the traditional mode nowadays.
Regards,
Lucas

On Mon, Feb 13, 2012 at 12:17, Ryan Barnett <rbarn...@trustwave.com> wrote:
> Reference this blog post -
>
> http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html
>
> How do you run the ModSecurity CRS? Do you use traditional or anomaly
> scoring mode?
>
> Do you have any recommendations for making it easier to run the CRS in
> either mode and allowing easy switching between the modes?
>
> --
> Ryan Barnett
> Trustwave SpiderLabs
> ModSecurity Project Leader
> OWASP ModSecurity CRS Project Leader
>
> _______________________________________________
> Owasp-modsecurity-core-rule-set mailing list
> Owasp-modsecurity-core-rule-set@lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

--
Homo sapiens non urinat in ventum.