coreruleset / modsecurity-crs-docker

Official ModSecurity Docker + Core Rule Set (CRS) images
https://coreruleset.org
Apache License 2.0

How not to return 403 error code. #214

Closed git-SwitchBlade closed 7 months ago

git-SwitchBlade commented 7 months ago

So I have a use case where I don't want to return a 403 access code. I am only interested in the log that an SQLi attack has been detected, so that I can ingest that log in a SIEM.

theseion commented 7 months ago

For a specific rule you'll have to modify the rule. If you don't want to block anything, you can simply set the engine to DetectionOnly. That will generate the logs without blocking anything.

git-SwitchBlade commented 7 months ago

Thanks for the help
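
As an added example (not part of the thread or the project's code): a small filter that pulls SQLi detections out of audit-log lines for SIEM ingestion once the engine is set to DetectionOnly. It assumes the ModSecurity v3 JSON audit-log layout (a `transaction` object with `messages[].details.tags`); the sample lines are constructed and `sqli_events` is a hypothetical helper name.

```python
import json

def _entry(uid, uri, code, messages):
    # Builds one constructed audit-log line in the assumed v3 JSON layout.
    return json.dumps({"transaction": {
        "client_ip": "203.0.113.7", "unique_id": uid,
        "request": {"method": "GET", "uri": uri},
        "response": {"http_code": code},
        "producer": {"secrules_engine": "DetectionOnly"},
        "messages": messages}})

# Constructed rule-match records (values are illustrative).
SQLI = {"message": "SQL Injection Attack Detected via libinjection",
        "details": {"ruleId": "942100", "severity": "2",
                    "tags": ["attack-sqli", "paranoia-level/1"]}}
SCORE = {"message": "Inbound Anomaly Score Exceeded (Total Score: 5)",
         "details": {"ruleId": "949110", "severity": "0",
                     "tags": ["anomaly-evaluation"]}}

SAMPLE_LOG = "\n".join([
    _entry("a1", "/item?id=1%27%20OR%201=1", 200, [SQLI, SCORE]),
    _entry("a2", "/index.html", 200, []),
    "not json",  # truncated line that a log shipper must survive
])

def sqli_events(log_text, tag="attack-sqli"):
    """Yield one flat dict per rule match that carries `tag`."""
    for line in log_text.splitlines():
        try:
            tx = json.loads(line)["transaction"]
        except (ValueError, KeyError, TypeError):
            continue  # skip malformed or unrelated lines
        for msg in tx.get("messages", []):
            details = msg.get("details", {})
            if tag in details.get("tags", []):
                yield {
                    "id": tx.get("unique_id"),
                    "src": tx.get("client_ip"),
                    "uri": tx.get("request", {}).get("uri"),
                    # In DetectionOnly this is the backend's status, not 403.
                    "status": tx.get("response", {}).get("http_code"),
                    "engine": tx.get("producer", {}).get("secrules_engine"),
                    "rule": details.get("ruleId"),
                    "msg": msg.get("message"),
                }

if __name__ == "__main__":
    for event in sqli_events(SAMPLE_LOG):
        print(json.dumps(event))
```

Carrying the `engine` field into each event lets the SIEM tell detections that were only logged apart from ones that were also blocked.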