Description
Detects suspicious behavior from logs and can share or consume community security intelligence. It is useful for administrators who want collaborative intrusion detection and automated response around exposed services.
Security agents can read logs, block IPs, and send telemetry or signals depending on configuration. Review privacy, bouncer actions, firewall integration, and false-positive handling before production use.