Multiple Failed Logons filter needs another option

filter update


#1 brodonium

Posted 25 April 2018 - 07:48 PM

The filtering for the Multiple Failed Logons alert doesn't allow you to filter on the Workstation field. We have a situation where a user is logged on, their password expires or they get locked out somewhere, and the session they have open on a desktop will bang away at our Internet proxy and trigger the Multiple Failed Logons alert. I have tried to add a filter to ignore the proxy which appears in the Workstation field but there just isn't a way. The Everywhere filter only allows the Operator to be "Contains" and if Netwrix would just "Does not contain" my problem would be solved. As it stands, if I have that alert enabled I get flooded with alerts and it's just noise.



#2 jeffb

Posted 26 April 2018 - 02:04 PM

Hello Brodonium,

 

You can type into these fields whatever you want to filter by as seen here:

http://prntscr.com/jafj8f

 

Does that work for you?

 

-Jeff


