Something like the following must be defined in the agent's ossec.conf, not the shared/agent.conf or server's ossec.conf ``` xml <active-response> <repeated_offenders>30,120,360,420,840</repeated_offenders> </active-response> ```
Something like the following must be defined in the agent's ossec.conf, not the shared/agent.conf or server's ossec.conf