Why does senhasegura block access from certain IPs?

senhasegura® has an embedded HIDS (host-based intrusion detection system) built on Wazuh. This system prevents SSH connections that fail authentication from continuing to try to access the passwords. Every three failed attempts, the source IP is blocked.

The block is not immediate: Wazuh must first analyze the logs before making a decision. The user can therefore be blocked at any time from the third failure onward. Once blocked, the IP is not released automatically; the administrator must release it manually.

To find the IP in the block list, open the menu Orbit ➞ Server ➞ Security. Each blocked IP has an Exclude action that removes the block. When you confirm the action, Orbit schedules the unblocking, which may take a few minutes.

An important consideration: account blocks caused by failed attempts in the web interface are not part of the Wazuh blocking. However, those blocks also occur after three attempts and likewise require manual release by the administrator.
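
The SSH blocking behaviour described above (three failures, a block decided only after log analysis, manual release) can be modelled as follows. This is an added illustration, not senhasegura or Wazuh code: the `SshBlockModel` class, the host name and the log lines are constructed, and resetting the counter on release is an assumption.

```python
import re
from collections import Counter

FAILED_RE = re.compile(  # OpenSSH "Failed password" line
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (?P<ip>\S+) port \d+"
)

class SshBlockModel:
    """Toy model of the behaviour described on this page (not Wazuh's rule engine)."""

    def __init__(self, threshold=3):  # three failed attempts, as stated above
        self.threshold = threshold
        self.failures = Counter()  # failed attempts seen per source IP
        self.blocked = set()       # stays populated until release() is called

    def analyze(self, log_lines):
        """Process one batch of log lines; return the IPs this batch newly blocks."""
        newly_blocked = []
        for line in log_lines:
            match = FAILED_RE.search(line)
            if not match:
                continue
            ip = match.group("ip")
            self.failures[ip] += 1
            if self.failures[ip] >= self.threshold and ip not in self.blocked:
                self.blocked.add(ip)
                newly_blocked.append(ip)
        return newly_blocked

    def release(self, ip):
        """Manual release by the administrator; nothing expires on its own."""
        self.blocked.discard(ip)
        self.failures.pop(ip, None)  # assumption: the count restarts after release

# Constructed sample log lines (documentation-range addresses, hypothetical host "vault").
BATCH_1 = [
    "Mar  3 10:00:01 vault sshd[811]: Failed password for root from 203.0.113.7 port 51120 ssh2",
    "Mar  3 10:00:04 vault sshd[811]: Failed password for root from 203.0.113.7 port 51120 ssh2",
    "Mar  3 10:00:09 vault sshd[815]: Accepted password for ops from 198.51.100.20 port 40022 ssh2",
]
BATCH_2 = [
    "Mar  3 10:00:12 vault sshd[819]: Failed password for invalid user admin from 203.0.113.7 port 51131 ssh2",
    "Mar  3 10:00:15 vault sshd[822]: Failed password for ops from 198.51.100.20 port 40030 ssh2",
]

if __name__ == "__main__":
    model = SshBlockModel()
    print(model.analyze(BATCH_1), model.analyze(BATCH_2))  # [] ['203.0.113.7']
```

Feeding the log in batches mirrors the delay described above: the address is blocked only once the batch containing its third failure has been analyzed, and it stays blocked until `release()` is called.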