Active rule currently published.
This rule detects multiple login failures for services that use the generic Linux Programmable Authentication Modules system. The intent of this rule is to detect a malicious party attempting to guess passwords by brute force.
The default settings detect 8 login failures from the same IP within 90 seconds.
This rule can be falsely triggered when multiple users share the same IP address, such as behind a firewall, and together generate 8 or more failures within 90 seconds.
If you believe that this is a false positive, then disable this rule or whitelist the source IP.
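
The default logic described above (8 failures, same source IP, 90 seconds), written out as an added Python example; it is not the rule's own implementation. The pam_unix auth.log line format as the log source, the names `detect` and `_sample`, the `allowlist` and `year` parameters, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 8        # failures (the rule's stated default)
WINDOW_SECONDS = 90  # seconds (the rule's stated default)

# pam_unix failure line as written to auth.log / secure (assumed log source).
PAM_FAIL = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ \S+: pam_unix\((?P<svc>[^:]+):auth\): "
    r"authentication failure;.*?rhost=(?P<ip>\S+)(?:\s+user=(?P<user>\S+))?"
)

def detect(lines, allowlist=(), year=2024):
    """Return one alert per source IP reaching THRESHOLD failures in WINDOW_SECONDS."""
    windows = defaultdict(deque)   # ip -> (time, user) entries still inside the window
    alerts = {}
    for line in lines:
        m = PAM_FAIL.match(line)
        if not m or m["ip"] in allowlist:
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        win = windows[m["ip"]]
        win.append((ts, m["user"] or "?"))
        while (ts - win[0][0]).total_seconds() > WINDOW_SECONDS:
            win.popleft()          # evict failures older than the window
        if len(win) >= THRESHOLD and m["ip"] not in alerts:
            # Distinct usernames help separate one guessed account from a shared IP.
            alerts[m["ip"]] = {"first": win[0][0], "last": ts,
                               "users": sorted({u for _, u in win})}
    return alerts

def _sample():
    """Constructed auth.log lines (documentation IPs, made-up host and users)."""
    def line(sec, ip, user):
        return (f"Jan 10 10:{sec // 60:02d}:{sec % 60:02d} web01 sshd[4242]: pam_unix(sshd:auth): "
                f"authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost={ip}  user={user}")
    out = [line(5 * i, "198.51.100.7", "root") for i in range(8)]            # 8 in 35 s
    out += [line(10 * i, "203.0.113.20", f"user{i % 4}") for i in range(8)]  # shared IP, 4 users
    out += [line(20 * i, "192.0.2.9", "admin") for i in range(8)]            # 8 in 140 s: too slow
    return sorted(out)

if __name__ == "__main__":
    for ip, a in detect(_sample()).items():
        print(ip, a["first"].time(), a["last"].time(), a["users"])
```

In the constructed data the shared address 203.0.113.20 trips the threshold with four different usernames, which is the false-positive pattern described above; passing it in `allowlist` suppresses that alert while the single-account source still fires.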