Thanks for the response.
I used that blog post as a guide and set SecDefaultAction to 
"phase:2,pass,nolog,auditlog" but I still get apache log messages for rule 
matches even though their score is below the threshold.
By the way, I am using v2.2.5 of the OWASP CRS.
Thanks
Avi

On 2012-11-14, at 7:09 PM, Ryan Barnett <rbarn...@trustwave.com> wrote:

> Please refer to this blog post -
> http://blog.spiderlabs.com/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html
> 
> Specifically the section on "Alert Management - Correlated Events".
> 
> --
> Ryan Barnett
> Lead Security Researcher
> Trustwave - SpiderLabs
> 
> 
> On 11/14/12 9:41 AM, "Avi Rosenblatt" <a...@greensmoke.net> wrote:
> 
>> Hi,
>> I have configured the CRS to use anomaly scoring and raised the inbound
>> score level in order to reduce false positives. I'm currently running our
>> server in detectiononly mode and I'm getting error log and audit log
>> messages for any rule match regardless of score. Is there a way to only
>> log messages when a threshold has been reached? Thanks in advance for the
>> help.
>> 
>> Avi
>> _______________________________________________
>> Owasp-modsecurity-core-rule-set mailing list
>> Owasp-modsecurity-core-rule-set@lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
>> 
> 
> 

Avi Rosenblatt
IT Manager
a...@greensmoke.net
305-600-4362
-------------------------
Green Smoke, Inc. USA
It's Electric™
