How does Syspeace know when to block something, and for how long to block?

Syspeace detects login attempts, and looks for patterns in them based on rules for each type of login attempt. A rule may be “if you find 5 login failures within 30 minutes, block them for 2 hours”. Beyond this pattern, the rule may also narrow the scope, for example: “if the username was ‘test'”.

You have full control over the rules. Multiple rules can be active at once and will be evaluated in order of priority – top to bottom.

The first rule where a match will be found wins, not necessarily the rule with the longest blocking duration.