Anomaly scoring - No Severity available for understanding thresholds for Blocked Requests (score over 5)

[moneyclouds]

I have a use case with a customer where they are seeing Blocked Requests, but there isn't any info/data/metrics available for querying to understand what each TransactionID/RuleID is mapped to what severity or category level. ***

Would it be possible for the Severity to be added for the Managed Rules Sets? That way we can understand how to mitigate against false negatives or false positives when trying to build a security structure.

CRS gives this site as a guideline reference, but we do not show this in our docs: https://www.netnea.com/cms/core-rule-set-inventory/

Any guidance or help is appreciated. Thank you!

---

Document Details

⚠ Do not edit this section. It is required for learn.microsoft.com ➟ GitHub issue linking.

• ID: 079888f6-188c-1bb9-0516-bd52ad0f287e
• Version Independent ID: 1971c541-4019-f620-b57b-8cfd5acf87a1
• Content: CRS rule groups and rules - Azure Web Application Firewall
• Content Source: articles/web-application-firewall/ag/application-gateway-crs-rulegroups-rules.md
• Service: web-application-firewall
• GitHub Login: @vhorne
• Microsoft Alias: victorh

[TPavanBalaji]

@moneyclouds Thanks for your feedback! We will investigate and update as appropriate.

[SaibabaBalapur-MSFT]

@moneyclouds I'm going to assign this to the document author so they can take a look at it accordingly.

@vhorne Can you please check and add your comments on this doc update request as applicable.

[vhorne]

Thanks for your dedication to our documentation. We have created an internal work item in our backlog to resolve this issue. If you determine another possible update to our documentation, please don't hesitate to reach out again.

#please-close