It would be very helpful to have more control of the inspector that reviews brute force / bad login attempts.
Right now as it stands after an account fails 3 times or more, the only way to clear it is to log in correctly. That doesn't always work with our internal best practices, in this specific case the user had 3 failed attempts against their account, but for many reasons didn't log in for a few days, then later on left the job permanently. The account was disabled but we still get the Liongard Tickets for this account.
The ability to turn off alerting against disabled accounts in AD
The ability to only report failed login attempts (>3, or some other number) in the last 24 hours (or some other time frame)
both of these would help us greatly filter out a lot of the noise we are getting.
|Last Reviewed Date||2021-03-19|