[Owasp-modsecurity-core-rule-set] Need Help for Mod security
aadimanavtest at gmail.com
Wed Jul 15 10:21:21 UTC 2015
Thank you very much. Now got the clear picture.
On Tue, Jul 14, 2015 at 9:33 PM, Chaim Sanders <CSanders at trustwave.com>
> Josh has pretty much nailed it.
> 1. The CRS rules are generic and don’t update often; I usually update
> them about once a month with minor bug fixes (almost exclusively in the 3.0
> branch). If you are looking for signature-like protection (i.e., what Snort
> does), Trustwave offers commercial rules that do just that. We do, however,
> recommend that you also use CRS where reasonable.
> 2. Writing rules isn’t so bad. A good intro is available here:
> Ultimately, if you want to get into it in any depth, I recommend buying
> Ivan’s ModSecurity Handbook (
> https://www.feistyduck.com/books/modsecurity-handbook/). It’s a
> treasure trove of information and is a great start.
> 3. The UI I use most often is AuditConsole from Jwall, but your mileage
> may vary. Many people use Splunk. I have a blog post coming out soon that
> details how to save logs directly to any database such that you can
> use/make pretty much any log analyzer.
> From: Joshua Roback <jroback at gmail.com>
> Date: Tuesday, July 14, 2015 at 9:26 AM
> To: Rishi nand <aadimanavtest at gmail.com>, "
> owasp-modsecurity-core-rule-set at lists.owasp.org" <
> owasp-modsecurity-core-rule-set at lists.owasp.org>
> Subject: Re: [Owasp-modsecurity-core-rule-set] Need Help for Mod security
> 1) Typically open source rules are updated along with new ModSecurity
> releases. There isn't really a need to update as frequently as an IDS
> since the scope of detection requirements for a WAF is much smaller.
> 2) Spend time looking at the rules to get a feel for the format and the
> purpose and then buy
> The Web Application Defender's Cookbook -
> 3) Don't know about this. I use a proprietary application.
> On Tue, Jul 14, 2015 at 7:49 AM Rishi nand <aadimanavtest at gmail.com>
>> Hi There
>> I am new to ModSecurity and want to try it in our organization, but came
>> across a few doubts. I will be glad if anybody can clear them.
>> 1. OWASP ModSecurity CRS: are these rules updated daily (like Snort
>> rules; if so, how to update)? Or how often will they update? In that case,
>> how to update them?
>> 2. If I want to write my own custom rules, how can I proceed: where to
>> create the file and in which directory? Can I write all the rules in one file
>> or a separate file for each rule?
>> 3. Any recommended UI for ModSecurity?
>> Thanks in advance