Hi everyone,

let me chime in on this.

From a newbie perspective, I’d argue, the 0-4 definition would make sense since 
it would be a logical choice.
You should be able to easily distinguish between the paranoia rating and the 
anomaly rating through the latter’s variable-definition e.g. warning, critical, 
…

Nevertheless, Christian’s argument “If we leave some room between the numbers, 
we have room to fill them in the future.” favours 0-40.
At least for me, since I like the idea of planning way ahead.

So, from my point of view, a range of 0-40 would be the favourable choice. But 
its arbitrary nature would require well-curated documentation.

It’s good to see the community’s commitment to this and I hope to be of some 
help.

Cheers,
Noël

> On 08 Feb 2016, at 22:12, Christian Folini <christian.fol...@netnea.com> 
> wrote:
> 
> Thanks Chaim and Lukas!
> 
> I got positive feedback via private messages too.
> 
> The one question, where I am still unsure (and the
> feedback / criticism is also split) is the question
> of the good integer range for the paranoia level.
> 0-4 or rather 0-40.
> 
> Still not sure.
> 
> Thoughts on this question are thus very welcome.
> 
> Ahoj,
> 
> Christian
> 
> 
> On Mon, Feb 08, 2016 at 02:31:47PM +0000, Chaim Sanders wrote:
>> Good writeup Christian!
>> 
>> On 2/8/16, 2:59 AM,
>> "owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on behalf of
>> Funk, Lukas" <owasp-modsecurity-core-rule-set-boun...@lists.owasp.org on
>> behalf of lukas.f...@united-security-providers.ch> wrote:
>> 
>>> Hi Christian and all,
>>> 
>>> I follow the discussion about the paranoia mode with great interest. I
>>> think it could be a good starting point for ModSecurity users which do
>>> not have the expert knowledge of the rules.
>>> 
>>> Looking at your proposed structure of the paranoia mode setup, I think
>>> it's on a good track. The structure is easy to understand!
>>> Unfortunately I can't comment on the different rules, as I don't have much
>>> experience with them.
>>> 
>>> Thanks to all of you for putting such great effort into the CRS and I'm really
>>> looking forward to version 3!
>>> 
>>> Cheers, Lukas
>>> 
>>> 
>>>>> Dear all,
>>>>> 
>>>>> With the progress we are making on the rules front, it is time to talk
>>>>> about
>>>>> the way it could be implemented.
>>>>> It's time for the show-me-the-code. Here you go:
>>>>> 
>>>>> 
>>>>> http://scanmail.trustwave.com/?c=4062&d=tN-41hG4qCjBMKf0XEE90boFBx23NXMA8kit7zcE9Q&s=5&u=https%3a%2f%2fwww%2enetnea%2ecom%2fcms%2f2016%2f02%2f04%2fowasp-modsecurity-core-rules-paranoia-mode-mechanics-proposal/
>>>>> 
>>>>> Feedback welcome!
>>>>> 
>>>>> Christian
>> 
>> 
>> _______________________________________________
>> Owasp-modsecurity-core-rule-set mailing list
>> Owasp-modsecurity-core-rule-set@lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-modsecurity-core-rule-set
> 
> --
> mailto:christian.fol...@netnea.com
> http://www.christian-folini.ch
> twitter: @ChrFolini
