The Nemesida WAF software can work in IDS mode, which uses the principle of traffic mirroring. This makes it possible to train the Nemesida AI system before running Nemesida WAF in the standard mode (IPS), to check the system performance, to monitor the attacks of the web application in the passive mode.

Using the Nemesida WAF in IDS mode is necessary for customization under a complex web-application without probable false positive blocking of site visitors. In this mode, a copy of incoming traffic with the record of status codes of responses (200 or 403) is processed - registration of events for setting up the Nemesida WAF software for a specific web-application. Blocking of illegitimate requests is not carried out.