diff --git a/filter.d/sonic-audit.conf b/filter.d/sonic-audit.conf
new file mode 100644
index 0000000..8d8cc17
--- /dev/null
+++ b/filter.d/sonic-audit.conf
@@ -0,0 +1,10 @@
+## Version 2023/11/10
+# Fail2Ban filter rules for DES
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+failregex = ^.*Failed password for (.*)from
+ignoreregex =
diff --git a/jail.d/sonic-audit.conf b/jail.d/sonic-audit.conf
new file mode 100644
index 0000000..c648bde
--- /dev/null
+++ b/jail.d/sonic-audit.conf
@@ -0,0 +1,11 @@
+## Version 2023/11/10
+# Fail2Ban jail configuration for Dell Enterprise SONiC
+
+[sonic-audit]
+
+banaction = nftables-multiport
+chain = input
+
+enabled = true
+logpath = /var/log/audit.log
+maxretry = 3
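Review bot: The `failregex` in filter.d/sonic-audit.conf, as shown here, ends at `from` with no `<HOST>` tag or named host group, and fail2ban will not load a failregex that has no failure-id group; the tag may only have been lost when the page was rendered, so confirm it against the committed file. Even with the tag in place the pattern is loosely anchored: the leading `^.*` and the greedy `(.*)` accept arbitrary text on either side of the message, including the attempted user name the login service copies into the line, and nothing pins the end of the line, so the captured address is not guaranteed to be the peer address field. I would anchor both ends, for example `failregex = ^%(__prefix_line)sFailed password for .* from <HOST> port \d+ \S+\s*$`, adjusted to the actual line format of audit.log, which is not visible in this diff. That would also give `before = common.conf` a purpose, since nothing from the include is referenced at the moment, and the header comment could spell out "DES" as Dell Enterprise SONiC the way the jail file does.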
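Review bot: The `[sonic-audit]` jail sets `maxretry = 3` but leaves `findtime`, `bantime`, `port` and `ignoreip` to the installed defaults, so the effective ban policy on the switch cannot be read from this file. With `banaction = nftables-multiport` and no `port`, the ban applies to whatever port range the defaults define rather than to the login service alone, and with no `ignoreip` a management station that mistypes a password three times is locked out like any other source. I would state these explicitly, e.g. `port = ssh` (if only SSH logins are meant), `findtime = 10m`, `bantime = 10m`, plus an `ignoreip` line for the management network with a value chosen by the operator. A one-line comment above `chain = input` saying which nftables chain it is meant to name would also help the next reader.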