Difference between revisions of "HIDS 40111"
From Atomicorp Wiki
(Created page with "'''Rule ID''' 40111 '''Status''' Active rule currently published. '''Description''' This rule is a generic group level event counter. It tracks authentication failures a...") |
Revision as of 13:32, 30 July 2011
Rule ID
40111
Status
Active rule currently published.
Description
This rule is a generic group level event counter. It tracks authentication failures across multiple rulesets.
The default settings are to detect 10 authentication failures in 160 seconds from a common source.
False Positives
If you believe that this is a false positive, then disable this rule or whitelist the source IP.
Tuning Recommendations
None.
Similar Rules
