The most likely cause is that Asterisk is not providing enough information about an account violation.
If you are running Asterisk 13 or later, configure SecAst to talk to Asterisk through the AMI instead of a security log file. The AMI exposes much more information to SecAst.
If you must use the Asterisk log file, please send that log file and the SecAst log file to support for assistance in identifying the attack type and adjusting your settings to recognize the attack.