HIDS 3358

From Atomicorp Wiki
Revision as of 12:43, 24 September 2014 by Mshinn (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
Rule 3358
Status Active
Alert Message Multiple SASL authentication failures.

Contents

Description

ASL has detected multiple SASL authentication failures from a single IP within a short period of time. This specifically looks for 5 failures in 10 seconds.

Troubleshooting

Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.

False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

Additional Information

Similar Rules

HIDS_3359

HIDS_3360

HIDS_60904

HIDS_60905

HIDS_60906

Knowledge Base Articles

None.

External Articles

None.

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=HIDS_3358&oldid=5110"
Personal tools