opensearch-project / security-analytics

Security Analytics enables users to detect security threats in their security event log data. It will also allow them to modify/tailor the pre-packaged solution.
Apache License 2.0

[support coreruleset] #395

Open zffocussss opened 1 year ago

zffocussss commented 1 year ago

Hi team: will OpenSearch support rules similar to the OWASP coreruleset to detect abnormal HTTP requests?

praveensameneni commented 1 year ago

@zffocussss, thanks for creating the request. Adding to our feature request backlog. Will post an update on the prioritization of the request. Taking a quick look at the GitHub project, the core ruleset is Apache 2 licensed and has ~30+ conf files to detect text patterns in ModSecurity.

Adding additional details:

https://github.com/coreruleset/coreruleset/
https://coreruleset.org/

The OWASP ModSecurity Core Rule Set (CRS) is a set of generic attack detection rules for use with ModSecurity or compatible web application firewalls. The CRS aims to protect web applications from a wide range of attacks, including the OWASP Top Ten, with a minimum of false alerts.