Sorry it was late past midnight and i did not find anything that could help with a opensource tool like nginx plus modsecurity. However I shared documentation that can help logically identify potential exploits and with nginx plus lua it’s possible this can easily be updated. The OWASP filters are similar. Yes we have done some automation like this many years ago but today we mainly use public cloud WAFs.