Research: Collect ModSecurity information and show them to users

Problem to solve

ModSecurity can provide Web Application Firewall (WAF) functionalities to the cluster ingress, and track all the possible malicious requests that are sent to an application.

This information should be collected by GitLab, and shown to users so they can be aware of possible attacks and take actions.

Further details

This issue could benefit of existing monitor capabilities GitLab already has in ~"devops:monitor".

Proposal

Configure ModSecurity so that log information are sent to a monitoring server, and then consumed via the GitLab UI.

We could leverage the existing Operations Dashboard or create something custom, depending on which functionalities are available.

What does success look like, and how can we measure that?

Users look at information from ModSecurity in the UI and start actions from there.