Active rule currently published.
This rule is a generic group level event counter. It tracks authentication failures across multiple rulesets.
The default settings are to detect 10 authentication failures in 160 seconds from a common source.
If you believe that this is a false positive, then disable this rule or whitelist the source IP.