ModIntel is a robust machine learning pipeline designed to augment ModSecurity's web application firewall capabilities. It functions as an intelligence layer that sits alongside the traditional Core Rule Set (CRS), specifically targeting the reduction of false positives and improving triage efficiency.
Traditional WAFs rely heavily on regular expressions (Regex), which often lead to high false-positive rates and significant manual overhead. ModIntel solves this by ingesting traffic flagged by ModSecurity and analyzing it with a dedicated ML engine before a final decision is made. This "Auxiliary Connector" approach allows organizations to keep their existing infrastructure while upgrading their detection logic.
The primary goal of ModIntel is to reduce the noise generated by static rules. Empirical tests show an estimated 66% reduction in triage time, effectively filtering out benign anomalies that traditional WAFs would block or flag.
Requests are processed asynchronously. While ModSecurity handles the initial ingress, ModIntel's local inference engine analyzes payloads in under 5ms, ensuring that advanced precision does not come at the cost of latency.
Instead of parsing raw text logs, administrators utilize a modern dashboard to visualize threat clusters. This allows for rapid identification of true positives and provides a clear view of attack vectors in real-time.
ModIntel is not a replacement but an enhancement. It plugs directly into existing ModSecurity deployments (Apache/Nginx/IIS) without requiring a complete re-architecture of the security stack.
- Ingest: ModSecurity intercepts the HTTP request.
- Analyze: Heavy payloads are sent to the ModIntel Connector.
- Evaluate: The ML model scores the probability of malicious intent.
- Action: High-confidence threats are blocked; low-confidence alerts are routed to the dashboard for review.
- Frontend: React (Vite)
- Styling: Vanilla CSS (Custom Properties)
- Engine: Python / TensorFlow (Planned)
- WAF Core: ModSecurity + OWASP CRS
This project is licensed under the MIT License.