Hey Joshua,

Thank you very much. Now got the clear picture.

Cheers
Nand

On Tue, Jul 14, 2015 at 9:33 PM, Chaim Sanders <csand...@trustwave.com> wrote:

> Josh has pretty much nailed it.
>
> 1. The CRS rules are generic and don’t update often. I usually update
>    them about once a month with minor bug fixes (almost exclusively in the
>    3.0 branch). If you are looking for signature-like protection (i.e. what
>    Snort does), Trustwave offers commercial rules that do just that. We do,
>    however, recommend that you also use CRS where reasonable.
> 2. Writing rules isn’t so bad. A good intro is available here:
>    https://www.nccgroup.trust/globalassets/resources/us/presentations/crowell_stjohn_modsecurity_introduction.pdf.
>    Ultimately, if you want to get into it in any depth, I recommend buying
>    Ivan’s ModSecurity Handbook
>    (https://www.feistyduck.com/books/modsecurity-handbook/). It's a
>    treasure trove of information and is a great start.
> 3. The UI I use most often is AuditConsole from Jwall, but your mileage
>    may vary. Many people use Splunk. I have a blog post coming out soon that
>    details how to save logs directly to any database such that you can
>    use/make pretty much any log analyzer.
>
> From: Joshua Roback <jrob...@gmail.com>
> Date: Tuesday, July 14, 2015 at 9:26 AM
> To: Rishi nand <aadimanavt...@gmail.com>,
>     "owasp-modsecurity-core-rule-set@lists.owasp.org"
>     <owasp-modsecurity-core-rule-set@lists.owasp.org>
> Subject: Re: [Owasp-modsecurity-core-rule-set] Need Help for Mod security
>
> 1) Typically open source rules are updated along with new ModSecurity
> releases. There isn't really a need to update as frequently as an IDS
> since the scope of detection requirements for a WAF is much smaller.
>
> 2) Spend time looking at the rules to get a feel for the format and the
> purpose, and then buy
> The Web Application Defender's Cookbook -
> http://www.amazon.com/Web-Application-Defenders-Cookbook-Protecting/dp/1118362187/ref=sr_1_2?ie=UTF8&qid=1436880245&sr=8-2&keywords=web+application+cookbook
> https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual
> http://www.atomicorp.com/wiki/index.php/Mod_security
>
> 3) Don't know about this. I use a proprietary application.
>
> On Tue, Jul 14, 2015 at 7:49 AM Rishi nand <aadimanavt...@gmail.com>
> wrote:
>
>> Hi There
>>
>> I am new to ModSecurity and want to try it in our organization, but came
>> across a few doubts. I will be glad if anybody can clear them.
>>
>> 1. OWASP ModSecurity CRS: are these rules updated daily (like Snort
>>    rules)? If so, how to update? Or how often will they update, and in
>>    that case how to update them?
>> 2. If I want to write my own custom rules, how can I proceed: where to
>>    create the file and in which directory? Can I write all the rules in
>>    one file or a separate rule for each file?
>> 3. Any recommended UI for ModSecurity?
>>
>> Thanks in advance
>>
>> --
>> Cheers
>>
>> Nand
>> _______________________________________________
>> Owasp-modsecurity-core-rule-set mailing list
>> Owasp-modsecurity-core-rule-set@lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set

--
Cheers
Nand