Greetings Xu Feng:

"Though I defined the active-response on the server only being triggered by rules (5712,5720) which are sshd rules, when multiple errors from the same IP in the Apache logs turned up, the IP was blocked by hosts.deny on the agent.
Any idea to help me out?"

Are you stating that active-response is being triggered for rules other than 5712 and 5720? Thank you.
