Would anyone know if it would be possible to adjust the core rule set configuration file so that only events that have a total inbound score of 5 or higher are sent to the audit log. (Running in Collaborative Detection and Anomaly Scoring & Blocking) Version: SecComponentSignature "OWASP_CRS/2.2.9"
For example: I am sending logs using mlogc to a server that has the auditconsole installed. The problem is the server is at a different location and we have limited bandwidth. So would only like to log events that have an inbound_anomaly_score_level of 5 or greater. Wesley Render, IT Consultant, RHCSA Phone: 1.403.228.1221 ext 201 <http://www.otherdata.com/> www.otherdata.com <http://www.facebook.com/otherdata>
_______________________________________________ Owasp-modsecurity-core-rule-set mailing list Owasp-modsecurity-core-rule-set@lists.owasp.org https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
