How does Syspeace know when to block something, and for how long to block?

You are here:

Syspeace detects login attempts, and looks for patterns in them based on rules for each type of login attempt. A rule may be “if you find 5 login failures within 30 minutes, block them for 2 hours”. Beyond this pattern, the rule may also narrow the scope, for example: “if the username was ‘test'”.

You have full control over the rules. Multiple rules can be active at once and will be evaluated in order of priority – top to bottom.

The first rule where a match will be found wins, not necessarily the rule with the longest blocking duration.