On Thu, Jun 6, 2013 at 10:14 AM, Jeff Neely <[email protected]> wrote: > We have a Windows system making many sftp connections to a Linux system in a > short period of time. It is 3rd party software that I am being told can't > be changed to use key exchange. The result is this is perceived as an > attack and we start denying the host. Is there a way to ignore the > "authentication failure" if it is followed by "Accepted password" message? >
Probably. Take a look at the alert that triggers the active response. I'm sure there's a way to quiet it down a bit to not be an issue in this case. > -- > > --- > You received this message because you are subscribed to the Google Groups > "ossec-list" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/groups/opt_out. > > -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/groups/opt_out.
