Do I need to configure Syspeace?
Syspeace comes with default rules that match a general, reasonable pattern of login failures and that we consider unlikely to cause false positives. Still, we always recommend configuring Syspeace to fit your server and environment. These are some things you may want to consider:
- Since the rules are based on pattern matching (X login failures within Y minutes), login failures can always appear in a different pattern, for example spread over a longer period of time. You may need to create new rules or change the default rules to match the attack traffic you’re seeing. Beyond this, you may decide that you want a harsher consequence (a block that lasts for a longer duration).
- You may want to have harsher or more lenient rules, in terms of login failures needed or the duration of the block.
- You may want to add internal servers or IP ranges to the local whitelist.
- You can configure the Global Blacklist to suit your needs.
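
The effect of the rule window and of the local whitelist can be seen on a small data set. This is an added illustration, not Syspeace code or its configuration format: the function name, the rule values (5 failures within 30 or 120 minutes) and the sample events are all assumptions constructed for the example.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

def offenders(events, max_failures, window, whitelist=()):
    """IPs with >= max_failures failed logins inside any sliding window."""
    nets = [ip_network(n) for n in whitelist]
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    hits = set()
    for ts, ip in sorted(events):
        if any(ip_address(ip) in n for n in nets):
            continue              # whitelisted sources are never counted
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            hits.add(ip)
    return hits

# Constructed sample events (documentation/private ranges), not real logs.
T0 = datetime(2024, 1, 1)
EVENTS = (
    # burst: 5 failures in under a minute
    [(T0 + timedelta(seconds=10 * i), "198.51.100.7") for i in range(5)]
    # slow: one failure every 20 minutes, 12 in total
    + [(T0 + timedelta(minutes=20 * i), "203.0.113.9") for i in range(12)]
    # internal server with a misconfigured service account
    + [(T0 + timedelta(seconds=5 * i), "10.0.0.5") for i in range(6)]
)

# Same failure count, two window lengths, internal range whitelisted.
SHORT = offenders(EVENTS, 5, timedelta(minutes=30), whitelist=["10.0.0.0/8"])
LONG = offenders(EVENTS, 5, timedelta(minutes=120), whitelist=["10.0.0.0/8"])

if __name__ == "__main__":
    print("5 failures / 30 min :", sorted(SHORT))
    print("5 failures / 120 min:", sorted(LONG))
```

With the 30-minute window only the burst source is matched; the source that fails once every 20 minutes is matched only after the window is widened to 120 minutes, and the internal address is matched only when the whitelist is left empty.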