Excluding "suspicious authentication failure alerts"

keith_be · ‎May 03 2019

Hi,

Why can't you exclude specific servers for following “Suspicious authentication failures.” Alerts. It seems logic to me that this feature is also available for this type alert. Assume following scenario: A customer has a VDI environment with Citrix storefront servers. It is normal that you will see many authentication failures on those storefront servers from all users mistyping their password. In other words you would like to exclude these servers for this type of alert. Apparently for this alert the exclusion functionality is not foreseen. What is the underlying idea behind this? Could this be included as a future feature request?

THX
keith

Tali Ash · ‎May 05 2019

Hi @keith_be ,

This functionality is available in Azure ATP.

For ATA we will add it as a FR, we currently can't commit to backward-port it into ATA.

Thanks,

Tali

keith_be · ‎May 06 2019

@Tali Ashthanks for your answer and considering this functionality as a feature request. Could we somewhere vote for it :). Hopefully you port it soon to ATA.

Kind regards,
Keith

Excluding "suspicious authentication failure alerts"

Excluding "suspicious authentication failure alerts"

Re: Excluding "suspicious authentication failure alerts"

Re: Excluding "suspicious authentication failure alerts"

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Excluding "suspicious authentication failure alerts"

Excluding "suspicious authentication failure alerts"

Re: Excluding "suspicious authentication failure alerts"

Re: Excluding "suspicious authentication failure alerts"