Re: [mod-security-users] More information on Anomaly scoring
Brought to you by:
victorhora,
zimmerletw
From: Chaim S. <CSa...@tr...> - 2015-10-06 16:15:36
|
I would direct you towards http://blog.modsecurity.org/2010/11/advanced-topic-of-the-week-traditional-vs-anomaly-scoring-detection-modes.html. If you find that this isn't enough perhaps we can work together to build some documentation that we can post on ModSecurity.org. The reason your 2.5 book might not cover this is because this is an OWASP CRS thing exclusively. Hit me up, if you are interested in helping :) -----Original Message----- From: Jacob Margason [mailto:j.m...@va...] Sent: Tuesday, October 06, 2015 9:36 AM To: mod...@li... Subject: [mod-security-users] More information on Anomaly scoring Hello fellow WAF enthusiasts, I am looking for more information about how the anomaly detection system works, I have been looking over the reference documentation but I didn't find much. I also have the book on 2.5 but it doesn't have anything useful that I can find. Where can I get some high level overview of the anomaly detection system? Can you tweak the anomaly detection settings? etc.. I have previously been working with mod security configured in traditional detection mode, I would just like to have a better understanding of the anomaly system, its limitations, and its configuration. Thanks! -- Jacob Margason Application Server Administrator VUIT Linux Applications | Vanderbilt University 615.380.1013 | j.m...@va... ------------------------------------------------------------------------------ _______________________________________________ mod-security-users mailing list mod...@li... http://scanmail.trustwave.com/?c=4062&d=5OST1gstcM6NdzgskkWkWy8PsTnXC9YGFzsqyzJtFg&s=5&u=https%3a%2f%2flists%2esourceforge%2enet%2flists%2flistinfo%2fmod-security-users Commercial ModSecurity Rules and Support from Trustwave's SpiderLabs: http://scanmail.trustwave.com/?c=4062&d=5OST1gstcM6NdzgskkWkWy8PsTnXC9YGF2l4n2s5Eg&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial%2frules%2f http://scanmail.trustwave.com/?c=4062&d=5OST1gstcM6NdzgskkWkWy8PsTnXC9YGF2h8zWdtRw&s=5&u=http%3a%2f%2fwww%2emodsecurity%2eorg%2fprojects%2fcommercial%2fsupport%2f ________________________________ This transmission may contain information that is privileged, confidential, and/or exempt from disclosure under applicable law. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution, or use of the information contained herein (including any reliance thereon) is strictly prohibited. If you received this transmission in error, please immediately contact the sender and destroy the material in its entirety, whether in electronic or hard copy format. |