The filtering for the Multiple Failed Logons alert doesn't allow you to filter on the Workstation field. We have a situation where a user is logged on, their password expires or they get locked out somewhere, and the session they have open on a desktop will bang away at our Internet proxy and trigger the Multiple Failed Logons alert. I have tried to add a filter to ignore the proxy which appears in the Workstation field but there just isn't a way. The Everywhere filter only allows the Operator to be "Contains" and if Netwrix would just allow "Does not contain" my problem would be solved. As it stands, if I have that alert enabled I get flooded with alerts and it's just noise.

Multiple Failed Logons filter needs another option
Started by brodonium, Apr 25 2018 07:48 PM
filter update