We have an ASA 5520 and I'm new to the inspection features of the IOS (version 7.2(2)).
I've got someone occasionally taking a brute-force login attack to our FTP server. It always originates from a different IP address, so it's difficult to shun unless you happen to catch it in progress. I'd like to teach the ASA to shun the source IP address after some number of failed login attempts to the FTP server.
I haven't found a way to use application inspection to detect a failed login attempt to the FTP server, but I'm new to this kind of inspection. Am I missing something in the capabilities of the ASA, or do I need an IDS to detect the threat and then tell the ASA to stomp on it?