You can find it in the docs.
Brute force log scanner:
Turns ON ability to have DirectAdmin scan service logs for any brute force login attempts on a server (dovecot, exim, proftpd, sshd).
So only scans logs for login attempts to those services.
Brute force monitor:
First started as monitor to scan logins to DA itself and protect it against bruteforces, but it can do a lot more nowadays.
The BruteForceMonitor can scan how many times a specific IP attacks a server, but also how many times a specific User is attacked from any IP. Als scan apache logs for WP Logins.
So best is to enable both, BFM can do a lot more and can also work together with CSF.
