Seen occasional/strong brute-force attempts to access phpmyadmin/cms/etc, but not since running ASL 3, so will keep a close eye on logs.
Yes, this is a new feature in ASL 3.0. We added in special rules to detect web application login failures, and to detect slow and fast brute force password guessing attacks on those applications. If you enable the MODSEC_12_BRUTE ruleset (the default is enabled) the WAF and IDS will work together to detect these types of attacks.
They work by looking at the output from the application itself so we can trigger when an authentication fails (and not have to rely on logs). If you have particular web applications you would like ASL to detect this for, please let us know. At the moment we have rules published for:
We'll be releasing rules tomorrow for:
Basically all we need a working copy of the application so we can test it. So if its something that be downloaded and installed, its fairly easy to create rules. So, let us know what you would like.