Hello,
I wish to exclude/filter out a user from 2 specific rules.
(because it caused a lot of False Alerts)
The user is: fortildap
The first rule is:
Multiple failed logons by the same user.
There were 5 failed logons by user DOMAIN\fortildap from workstation DC-ADMIN2.
Alert was generated on computer p-upp1.domain.com
Alert was generated at Sun Jun 14 09:37:23 2020 (Sun Jun 14 06:37:23 2020 GMT).
The second rule is:
Failed logon with account name DOMAIN\fortildap was performed from DC-ADMIN2. Unknown user name or bad password.
Failed logon with account name DOMAIN\fortildap of Network type was performed from DC-ADMIN2 workstation at Sun Jun 14 13:25:33 2020 (Sun Jun 14 10:25:33 2020 GMT). Failure reason: Unknown user name or bad password.
Is this possible and how?
Thanks in advance