HIDS 40111

From Atomicorp Wiki
Revision as of 14:32, 30 July 2011 by Scott (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID

40111

Status

Active rule currently published.

Description

This rule is a generic group level event counter. It tracks authentication failures across multiple rulesets.

The default settings are to detect 10 authentication failures in 160 seconds from a common source.

False Positives


If you believe that this is a false positive, then disable this rule or whitelist the source IP.

Tuning Recommendations

None.

Similar Rules

Retrieved from "https://wiki.atomicorp.com/wiki/index.php?title=HIDS_40111&oldid=1780"
Personal tools