git-SwitchBlade closed 7 months ago
For a specific rule you'll have to modify the rule. If you don't want to block anything, you can simply set the engine to `DetectionOnly`. That will generate the logs without blocking anything.
Thanks for the help
So I have a use case where I don't want to return a 403 access code; I am only interested in the log that an SQLi attack has been detected, so that I can ingest that log in a SIEM.
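An added example, not from the thread or the project: Python that pulls SQLi detections out of an audit log written while the engine is in `DetectionOnly`, producing flat events for SIEM ingestion. It assumes a ModSecurity v3 style JSON audit log (`SecAuditLogFormat JSON`) and the OWASP CRS `attack-sqli` tag; the log lines, the `sqli_events` helper and its output field names are constructed for illustration.

```python
import json

# Constructed sample audit log, one JSON transaction per line (assumed
# ModSecurity v3 JSON layout). The last line simulates a truncated write.
SAMPLE_LOG = "\n".join([
    json.dumps({"transaction": {
        "client_ip": "203.0.113.7", "time_stamp": "Mon Jan  6 10:15:02 2025",
        "request": {"method": "GET", "uri": "/items?id=1%27%20OR%20%271%27=%271"},
        "response": {"http_code": 200},  # not 403: nothing was blocked
        "producer": {"secrules_engine": "DetectionOnly"},
        "messages": [{"message": "SQL Injection Attack Detected via libinjection",
                      "details": {"ruleId": "942100", "severity": "2",
                                  "tags": ["attack-sqli"]}}]}}),
    json.dumps({"transaction": {
        "client_ip": "203.0.113.9", "time_stamp": "Mon Jan  6 10:15:09 2025",
        "request": {"method": "GET", "uri": "/search?q=test"},
        "response": {"http_code": 200},
        "producer": {"secrules_engine": "DetectionOnly"},
        "messages": [{"message": "XSS Attack Detected via libinjection",
                      "details": {"ruleId": "941100", "severity": "2",
                                  "tags": ["attack-xss"]}}]}}),
    '{"transaction": {"client_ip": "203.0.1',
])

def sqli_events(log_text, tag="attack-sqli"):
    """Return one flat event per logged rule match that carries `tag`."""
    events = []
    for line in log_text.splitlines():
        try:
            tx = json.loads(line)["transaction"]
        except (ValueError, KeyError, TypeError):
            continue  # skip partial or non-JSON lines instead of aborting
        for msg in tx.get("messages", []):
            details = msg.get("details", {})
            if tag not in details.get("tags", []):
                continue
            events.append({
                "time": tx.get("time_stamp"),
                "client_ip": tx.get("client_ip"),
                "uri": tx.get("request", {}).get("uri"),
                "rule_id": details.get("ruleId"),
                "message": msg.get("message"),
                "http_code": tx.get("response", {}).get("http_code"),
                "engine": tx.get("producer", {}).get("secrules_engine"),
            })
    return events

if __name__ == "__main__":
    for event in sqli_events(SAMPLE_LOG):
        print(json.dumps(event))  # one JSON line per detection for the SIEM
```

Carrying `http_code` and `engine` on each event lets the SIEM distinguish a detection that was only logged from one that was actually blocked.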