Query regarding the brute-force threshold:
The Snort and IPS generic rule has a threshold for the brute-force signature of 5 failed logins within 60 seconds. The situation I have faced is that this threshold pattern floods us with a lot of noise.
The question is open to all: what will the threshold be for a signature like "SSH: SSH Login Bruteforce Detected"?
The McAfee NSM default threshold is 10 failed logins in 120 seconds... I have found that reducing the window to 60 seconds helps.
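The thresholds mentioned in this thread, compared side by side on one event stream, as an added example (not from either poster, and not Snort's or McAfee NSM's own counting logic). It assumes a simplified per-source sliding window, and the timestamps and addresses are constructed.

```python
from collections import defaultdict, deque

# Thresholds quoted in the thread: label -> (failed logins, window in seconds).
# "10 in 60s" is the NSM default with the window reduced as the reply describes.
THRESHOLDS = {"5 in 60s": (5, 60), "10 in 120s": (10, 120), "10 in 60s": (10, 60)}

def count_alerts(events, count, seconds):
    """Return {source: alerts} for (timestamp, source) failed-login events.

    Assumed model: per-source sliding window; once `count` failures fall
    inside `seconds`, one alert fires and that source's window restarts.
    """
    windows = defaultdict(deque)
    alerts = defaultdict(int)
    for ts, src in sorted(events):
        win = windows[src]
        win.append(ts)
        while ts - win[0] >= seconds:   # expire failures older than the window
            win.popleft()
        if len(win) >= count:
            alerts[src] += 1
            win.clear()
    return dict(alerts)

def compare(events):
    """Total alerts each threshold would raise on the same event stream."""
    return {name: sum(count_alerts(events, c, s).values())
            for name, (c, s) in THRESHOLDS.items()}

# Constructed sample traffic (documentation address ranges, not real logs).
SAMPLE_EVENTS = (
    # user mistyping a password five times, then giving up
    [(t, "192.0.2.5") for t in range(0, 40, 8)]
    # job with a stale credential retrying every 12 s for 10 minutes
    + [(t, "198.51.100.9") for t in range(0, 600, 12)]
    # password-guessing source: one failure every 2 s for a minute
    + [(t, "203.0.113.7") for t in range(100, 160, 2)]
)

if __name__ == "__main__":
    for name, total in compare(SAMPLE_EVENTS).items():
        print(f"{name:>10}: {total} alerts")
```

On this constructed data, 5 in 60 seconds also fires on the mistyping user and the slow retrying job, while 10 in 60 seconds alerts only on the fast guessing source.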