Possibly wrong type category assigned to D1171 "Implement Web Application Firewall"
ventos opened this issue · comments
I noticed that for the detection D1171 the type is set to Mitigation
instead of Detection
.
I guess this could be reasoned by a copy&paste error, from the corresponing M1883.
Since I'm currently reading up on this subject, I'm not sure if there's some systematic behind that, I didn't grasp yet. But it looked like an error to me.
I tend to agree @ventos - it's more a mitigation than a detection item. However, we could argue that it can also be used for detection - as many organizations usually leave it in "alert only" mode.
wdyt?