Jump to content

# 1-949-407-5125

Photo

Multiple Failed Logons filter needs another option

Started by brodonium , Apr 25 2018 07:48 PM
filter update

  • Please log in to reply
1 reply to this topic

#1 brodonium

brodonium

    Newbie

  • Members
  • Pip
  • 1 posts

Posted 25 April 2018 - 07:48 PM

The filtering for the Multiple Failed Logons alert doesn't allow you to filter on the Workstation field. We have a situation where a user is logged on, their password expires or they get locked out somewhere, and the session they have open on a desktop will bang away at our Internet proxy and trigger the Mulitple Failed Logons alert. I have tried to add a filter to ignore the proxy which appears in the Wokstation field but there just isn't a way. The Everywhere filter only allows the Operator to be "Contains" and if Netwrix would just "Does not contain" my problem would be solved. As it stands, if i have that alert enabled I get flooded with alerts and it's just noise.


#2 jeffb

jeffb

    Advanced Member

  • Administrators
  • PipPipPip
  • 384 posts
  • Gender:Male

Posted 26 April 2018 - 02:04 PM

Hello Brodonium,

 

You can type into these fields whatever you want to filter by as seen here:

http://prntscr.com/jafj8f

 

Does that work for you?

 

-Jeff


Back to Netwrix Auditor for Active Directory Free Community Edition



0 user(s) are reading this topic

0 members, guests, anonymous users