HIDS 40111

From Atomicorp Wiki
Revision as of 14:32, 30 July 2011 by Scott (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Rule ID



Active rule currently published.


This rule is a generic group level event counter. It tracks authentication failures across multiple rulesets.

The default settings are to detect 10 authentication failures in 160 seconds from a common source.

False Positives

If you believe that this is a false positive, then disable this rule or whitelist the source IP.

Tuning Recommendations


Similar Rules

Personal tools