There are three options for mod security rules...the default one, owasp and Comodo.
Which one do you have selected?
If you are using the free version of cwp, then it will be the default....which shouldn't cause any WordPress issues because it's basic rules are very few.
Having said that, there is a list of WordPress rules you can download.
Another thing you should check is the panic level...if it is set much above 2 on a normal install you may start to get false positives.
Also, are you running Wordfence on your WordPress website? It has its own list of WAF rules.