HIDS 171006
From Atomicorp Wiki
Rule ID
171006
Message
Multiple rapid Exim authentication failures.
Description
This rule detects when exim reports a number of incorrect authentication failures for the same IP over a long period of time. The threshold is 8 failures in 1 hour.
This detects slow brute force attacks.
False Positives
There are no known false positive for this rule.
Tuning Recommendations
None.
Similar Rules
HIDS_171006
Knowledge Base Articles
None.
Outside References
None.
Notes
None.