Bare Minimum Modsec Rules

I have tried using Modsec with the OWASP Rules pack, but it seems to break my WordPress website. However, once I turned it off, My websites started getting attacked, with the server hitting 100% almost every day.

Can someone please tell me which rules I should enable from this pack in order to stop bruteforce attacks and other very important things?

Thanks!

I am also looking for this. Did you find any rules that will secure WP and not break it?

Nothing yet.

I need this as well, could anyone experienced enough with this put up a step by step pl.