When someone is running malicious activity against your public facing services just a few high priority alerts is enough to know that source is not trusted and there is no need for them to keep wasting your IPS cycles. Ideally, it would be to have correlated remediation action automatically adding …