Forum Discussion

keith_be's avatar
keith_be
Copper Contributor
May 03, 2019

Excluding "suspicious authentication failure alerts"

Hi,
 
Why can't you exclude specific servers for following “Suspicious authentication failures.” Alerts. It seems logic to me that this feature is also available for this type alert. Assume following scenario: A customer has a VDI environment with Citrix storefront servers. It is normal that you will see many authentication failures on those storefront servers from all users mistyping their password. In other words you would like to exclude these servers for this type of alert. Apparently for this alert the exclusion functionality is not foreseen. What is the underlying idea behind this? Could this be included as a future feature request?

THX
keith

 

2 Replies

  • Tali Ash's avatar
    Tali Ash
    Former Employee
    May 05, 2019

    Hi keith_be ,

     

    This functionality is available in Azure ATP.

    For ATA we will add it as a FR, we currently can't commit to backward-port it into ATA.

     

    Thanks,

    Tali

    • keith_be's avatar
      keith_be
      Copper Contributor
      May 06, 2019

      Tali Ashthanks for your answer and considering this functionality as a feature request. Could we somewhere vote for it :). Hopefully you port it soon to ATA.
       
      Kind regards,
      Keith

Resources