Difference between revisions of "HIDS 171005"

From Atomicorp Wiki
(Created page with "'''Rule ID''' 171005 '''Message''' Multiple rapid Exim authentication failures. '''Description''' This rule detects when exim reports a high number of incorrect authen...")
 
m
 
Line 26: Line 26:
  
 
[[HIDS_171006]]
 
[[HIDS_171006]]
 
 
  
 
'''Knowledge Base Articles'''
 
'''Knowledge Base Articles'''
Line 35: Line 33:
 
'''Outside References'''
 
'''Outside References'''
  
 +
None.
  
 
'''Notes'''
 
'''Notes'''
  
ASL has no control over the message generated by your application (in this case sshd).  This messages generated by an application and neither generated by ASL, nor is this something ASL can control.  ASL is just listening to what you application is "saying", analyzing the "message" and then reporting its significance to you you based on its internal understanding of those messages, and other events that may (or may not) be occurring on the system.
+
None.
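Review bot: the Notes paragraph removed in the "Line 35" hunk says "in this case sshd" on a page for an Exim rule, and the hunk replaces the whole paragraph with "None." instead of correcting it. Consider keeping its one useful point, that ASL only analyzes the message the application emits and does not generate it, with the application name changed to Exim.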

Latest revision as of 14:06, 5 January 2015

Rule ID

171005

Message

Multiple rapid Exim authentication failures.

Description

This rule detects when Exim reports a high number of authentication failures from the same IP. The threshold is 8 failures in 2 minutes.
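The threshold described above, worked through as a per-IP sliding window. This is an added example, not the ASL rule or its decoder: the "authenticator failed" line shape, the sample addresses and the reset-after-alert behaviour are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 8                   # failures, from the rule description
WINDOW = timedelta(minutes=2)   # time frame, from the rule description

# Assumed line shape: an Exim main-log "authenticator failed" entry.
FAIL_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"\S+ authenticator failed for .*\[(?P<ip>[0-9A-Fa-f.:]+)\]"
)

def detect(lines):
    """Return (ip, time) for each point where an IP reaches THRESHOLD failures within WINDOW."""
    recent = defaultdict(deque)   # ip -> timestamps of failures still inside the window
    alerts = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue              # not an authentication failure
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > WINDOW:
            q.popleft()           # drop failures older than the window
        if len(q) >= THRESHOLD:
            alerts.append((m["ip"], ts))
            q.clear()             # assumption: one alert per burst, then count again
    return alerts

def sample_log():
    """Constructed log: one fast source, one slow source, one unrelated line."""
    base = datetime(2015, 1, 5, 14, 0, 0)
    def fail(ip, offset):
        ts = (base + timedelta(seconds=offset)).strftime("%Y-%m-%d %H:%M:%S")
        return (f"{ts} dovecot_login authenticator failed for (client) [{ip}]: "
                "535 Incorrect authentication data (set_id=user@example.test)")
    lines = [fail("203.0.113.10", 10 * i) for i in range(8)]    # 8 in 70 s: alert
    lines += [fail("198.51.100.7", 30 * i) for i in range(8)]   # 8 in 210 s: no alert
    lines.append("2015-01-05 14:05:00 1Y8abc-0001-AB <= a@example.test "
                 "H=(client) [203.0.113.10] P=esmtpa")
    return sorted(lines)          # timestamp prefix sorts chronologically

if __name__ == "__main__":
    for ip, when in detect(sample_log()):
        print(f"{when} multiple rapid Exim authentication failures from {ip}")
```

The slower source never has more than five failures inside any two-minute span, so it stays below the threshold even though it also fails eight times in total.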

False Positives

There are no known false positives for this rule.

Tuning Recommendations

None.

Similar Rules

HIDS_171003

HIDS_171004

HIDS_171006

Knowledge Base Articles

None.

Outside References

None.

Notes

None.
