I was wondering if there is a way to automatically block IP addresses depending on traffic analysis. I see a number of attempts from an attacker and see the traffic is being blocked on the attempt, but I would like to impose a temporary block on any IP where the traffic is marked as malicious, including legitimate traffic.
Example:
IP address 111.111.111.111 is marked as a dropped Intrusion event. But I also see legitimate traffic from that IP.
So I would