New impossible travel policy?




I'd like to create a new impossible travel policy in MCAS but I can't find how to do it. Any advice welcome!


@stromnessian the Impossible Travel Policy is based on Machine Learning and UEBA - there's no supported way to create a custom policy using UEBA. Those are all built into the product. Is there a reason the built-in "Impossible Travel Policy" is not satisfying your requirements? You can recommend a change to the development team.

Thanks for your reply @jurowley. It was really more for testing rather than a business use case, but it's good to know that it can't be done - I can stop looking now! :)


I regularly see "Impossible Travel" triggering in legitimate activity, due to people working remotely and sometimes connecting to our corporate VPN or switching it off. I'm looking for a way to whitelist a whole country rather than single IP addresses, which is impossible to maintain. Example case:

User is working from Italy and connecting to VPN in Netherlands. In the middle of the day he decides to turn off VPN and continue to work either from his home or from a local co-working space. At this moment his public IP changes and can be different every day or even change during the day. How can I whitelist whole countries?



Do you know if it's possible to trigger Impossible Travel alerts within the same country, like if within a matter of minutes/seconds a user logged in from 2 different states?