been reading about the default pattern of a certain ips rule, when an ip on the internet performs this type of attack the ips detects and drops and generates event.
but they try like 4 times to 4 dfferent hosted devices in 2 mins, i want to drop and generate after 1st attempt in under 60 seconds but also block for 24hours necause if not then they can just keep trying and trying, if im reading and watching videos correctly its definitely do-able to modify this ips rule...anyone use this feature to automatically block for a certain time?
No comments:
Post a Comment