Difference between revisions of "HIDS 3358"

From Atomicorp Wiki

Revision as of 13:43, 24 September 2014

Rule: 3358
Status: Active
Alert Message: Multiple SASL authentication failures.


Description

ASL has detected multiple SASL authentication failures from a single IP within a short period of time. This specifically looks for 5 failures in 10 seconds.
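The threshold described above (5 failures from one IP within 10 seconds) can be sketched as a per-IP sliding-window counter. This is an added example, not Atomicorp's rule code; the Postfix-style log format, the regular expression, the reset-after-alert behaviour and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

THRESHOLD = 5        # failures, from the rule description
WINDOW_SECONDS = 10  # time window, from the rule description

# Assumed Postfix-style failure line; the decoder ASL actually uses may differ.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ postfix/smtpd\[\d+\]: "
    r"warning: \S+\[(?P<ip>[0-9a-fA-F.:]+)\]: SASL \w+ authentication failed"
)

def detect(lines, year=2014):
    """Return (ip, alert_time) each time an IP reaches THRESHOLD failures in the window."""
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    alerts = []
    for line in lines:
        m = FAIL_RE.match(line)
        if not m:
            continue  # not a SASL failure (e.g. a plain connect line)
        # Syslog timestamps carry no year, so one is supplied by the caller.
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["ip"]]
        window.append(ts)
        # Drop failures that have aged out of the 10-second window.
        while (ts - window[0]).total_seconds() > WINDOW_SECONDS:
            window.popleft()
        if len(window) >= THRESHOLD:
            alerts.append((m["ip"], ts))
            window.clear()  # assumption: start counting afresh after an alert
    return alerts

def _fail(sec, ip):
    # Builds one constructed failure line at 13:43:<sec>.
    return (f"Sep 24 13:43:{sec:02d} mx postfix/smtpd[411]: warning: "
            f"unknown[{ip}]: SASL LOGIN authentication failed: authentication failure")

# Constructed sample: one fast source (5 failures in 8 s), one slow source (6 s apart).
SAMPLE = [_fail(s, "203.0.113.7") for s in (1, 3, 5, 7, 9)]
SAMPLE += [_fail(s, "198.51.100.20") for s in (0, 6, 12, 18, 24)]
SAMPLE.append("Sep 24 13:43:10 mx postfix/smtpd[411]: connect from unknown[203.0.113.7]")
SAMPLE.sort()  # shared timestamp prefix, so string order is chronological

if __name__ == "__main__":
    for ip, when in detect(SAMPLE):
        print(f"{when:%H:%M:%S} Multiple SASL authentication failures from {ip}")
```

The slow source also fails five times but never has more than two failures inside any 10-second window, so only the fast source triggers an alert.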

Troubleshooting

Solutions

If you wish to prevent ASL from shunning on these events, simply set Active Response for the rule to off.

False Positives

Please do not report this as a false positive unless ASL is incorrectly reporting an event that is not a login failure for your mail server. To report a false positive, please follow this process:

https://www.atomicorp.com/wiki/index.php/Reporting_False_Positives

Additional Information

Similar Rules

HIDS_3359

HIDS_3360

HIDS_60904

HIDS_60905

HIDS_60906

Knowledge Base Articles

None.

External Articles

None.
