We have brute force enabled for exchange login url and few users who has multiple mail accounts configured in single device are getting blocked with "Brute Force: Maximum login attempts are exceeded ". As per my understanding ASM Brute force is only looking for failed login attempts against the configured URL. But user account is valid and using right credentials. How F5 is tracking it as failed logins?
Detection Period 60 Minutes
Maximum Prevention Duration 60 Minutes
Username Trigger: After 10 failed login attempts
Action: Alarm and Captcha
User who have 3 mail boxes configured in a single device is having trouble since the connection initiating from a single IP address.