Description
Host and service logs can be monitored for suspicious behavior and matched against a shared IP reputation database. This is useful for administrators who want automated detection and response for attacks such as scans, brute force attempts, and abusive traffic.
Security agents can block traffic or share signals depending on configuration. Review scenarios, privacy settings, firewall integration, and false-positive handling before enabling automatic remediation.