This will hopefully be a very easy question for someone who normally works within the FirePower Management Center.  We currently have a couple of servers opened up to the outside world for RDP connections by our employees; I know this isn't a good practice and we'll be setting up VPN soon.  However, in the meantime, we are seeing lots of traffic from random sources trying to connect using random usernames (big surprise).  What I was hoping to accomplish was to configure FirePower to block any sources that try to connect to the specific servers Y times within Z seconds (5 times within 30 seconds?).  Ideally, it would be a temporary block, but a permament add to a blacklist would be acceptable if someone could explain how to view the blacklist to remove any false-positives.  I have almost zero experience with FirePower or with managing Cisco products via command line, so I was hoping someone could walk me through where and how to accomplish the tasks needed via the GUI.  If this isn't something realistic, just let me know.  I'm comfortable with the Cisco ASDM software and regularly use it to create static rules affecting firewall traffic.  In fact, I've been adding most of the "attacker" IP addresses to a rule in ASDM to block their traffic as I see heavy traffic hitting.  If the request for an automatic rule isn't realistic I'll just continue to monitor the traffic hitting the servers and manually add IPs to the block rule in Cisco ASDM until we can get a VPN configured.  I look forward to and greatly appreciate any assistance or advice anyone could possibly provide for this situation.  Thanks!