That message means that the source IP is known to be used by hackers and that the connection attempts are most likely hack attempts. However, the user is using valid credentials!
So if this blocking is correct then change the account name and secret for the account in question.
If you don’t want SecAst to block this IP address you can raise the threshold for hacker detection.