Issue with Brute Force Detection

Hi Guys,

 

Doing ASM configuration for Brute Force anomaly detection. I have two questions, can you please answer them if you have done ASM Brute Force configuration.

 

1. Is there a way to configure SOAP or XML based URL configuration for Brute force detection in ASM?
2. What about Password spraying detection? Does ASM anomaly detects password spraying threats too?