Creating rules with Detection IDs
Hello I'm working on creating Bot Score rules to protect login and register pages against all sorts of attacks such as brute force and suspicious logins. The issue is that sometimes they present as likely human but are still marked suspicious. I've noticed that in these cases the new feature, detection IDs, is positive and can flag them as suspicious with detection IDs like "Login Attempt Anomaly" and such.
My question is if anyone has been creating rules using detection IDs where BOT and WAF attacks scores are not low enough to trigger any action but the request is still marked as suspicious, and if so what sort of rule did you create?
Did it help improve security or did it make no difference?
Last question is if anyone has been able to create rules using Detection IDs to combat scraping?
I have included pictures to help understand my issue, one is of an example rule using detection IDs and the other is of these requests that do not trigger any actions because both BOT and WAF attack scores are low and no managed rules are triggered either.
Thank you for your help!
My question is if anyone has been creating rules using detection IDs where BOT and WAF attacks scores are not low enough to trigger any action but the request is still marked as suspicious, and if so what sort of rule did you create?
Did it help improve security or did it make no difference?
Last question is if anyone has been able to create rules using Detection IDs to combat scraping?
I have included pictures to help understand my issue, one is of an example rule using detection IDs and the other is of these requests that do not trigger any actions because both BOT and WAF attack scores are low and no managed rules are triggered either.
Thank you for your help!
