5716 1.1.1.1 sshd: authentication failed from IP 1.1.1.1. authentication_failed,pci_dss_10.2.4,pci_dss_10.2.5, pfsense-wrapped pfSense wrapped syslog parent rule. 87699 block pfSense firewall drop event (wrapped). pfsense,firewall_block,pci_dss_1.4,gpg13_4.12,hipaa_164.312.a.1,nist_800_53_SC.7,tsc_CC6.7,tsc_CC6.8, 87761 Multiple pfSense firewall block events from same source (wrapped). T1110 pfsense, web|attack|attacks etc/lists/blacklist-alienvault IP address found in AlienVault reputation database. 9705 watchdog@invalid Dovecot: mailcow watchdog health check (ignored) 9707 rip=172.22.1. Dovecot: mailcow watchdog IMAP probe disconnect (ignored) 9706 imap(IGNORED_EMAIL_ADDRESS) Dovecot: own-mailbox routine session disconnect (ignored) 9706 managesieve-login: Disconnected: Connection closed (no auth attempts Mailcow watchdog managesieve healthcheck - suppressed 9701 Dovecot successful login - suppressed (routine IMAP polling) gitea Gitea event (parent) 100400 router: polling Gitea: router polling - suppressed 100400 router: completed Gitea: router completed request - suppressed 100400 Failed authentication attempt Gitea: failed authentication attempt authentication_failed, T1110 100410 Gitea: possible brute force (5+ failed logins in 2 min) authentication_failures, T1110 100400 new user signed up|created user Gitea: new user account created 100400 deleted user|DeleteUser Gitea: user account deleted 100400 add public key|added SSH key|AddPublicKey Gitea: SSH key added to account 100400 delete public key|deleted SSH key|DeletePublicKey Gitea: SSH key removed from account 100400 access token|AccessToken Gitea: access token activity 100400 ResetPasswd|recover_account Gitea: password reset / account recovery 100400 repository deleted|DeleteRepository Gitea: repository deleted 100400 TwoFactor|two-factor|TOTP Gitea: 2FA event