Add event details for failed logins
When an alert comes in from a failed login, it would be great if the alert can show the event details so I don't have to go searching through the event viewer.
Nice! The feature you requested is being considered for development. We’ll keep an eye on the number of votes, and let you know if a decision is reached to implement. Thank you for being a partner in our process!
David Yoder commented
10 minutes ago I received an alert for "7 failed login attempts during a time period of 5.00 minutes". That's all the alert text says. If I go to the endpoint, the alert section there reads the same thing.
Naturally, I want to know more about the event log messages that triggered the alert. So I go to Manage -> Event Viewer to see more information. I navigate to the Security log and load up 500 events. I quickly find out that 500 events isn't enough, so I load up 1000 events and scroll all the way down but I still can't see the time and events I need to.
This endpoint is a file server with ~50 users connected to it, so an alert that's 10 minutes old has more than 1000 events logged and is unsearchable in Atera.
So now I connect to the endpoint interactively and load up a prebuilt filter in the Windows Event Log to see what I need to. Why not save time and bypass Atera's tools completely?
The fix for this would be to include some context about the alert. Show me the event log messages that triggered the alert and the context surrounding them.
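The kind of event log filter described in the comment above can be scripted. This is an added example, not part of the original thread and not Atera's code. It assumes the alert is driven by Windows Security event ID 4625 (failed logon), that it is run elevated on the endpoint itself, and that the hypothetical parameters `$AlertTime` and `$WindowMinutes` are filled in from the alert text.

```powershell
# Added example: list the failed-logon events (Security log, event ID 4625)
# inside an alert's time window, then summarise them by account and source.
# $AlertTime and $WindowMinutes are hypothetical parameters taken from the alert.
param(
    [datetime]$AlertTime = (Get-Date),
    [int]$WindowMinutes = 5
)

# Filtering on the provider side avoids paging through thousands of events
# on a busy server.
$filter = @{
    LogName   = 'Security'
    Id        = 4625
    StartTime = $AlertTime.AddMinutes(-$WindowMinutes)
    EndTime   = $AlertTime
}

# Get-WinEvent raises an error when nothing matches; treat that as "no events".
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # The named fields of a 4625 event live under EventData/Data[@Name].
    $data = @{}
    foreach ($d in ([xml]$e.ToXml()).Event.EventData.Data) {
        $data[$d.Name] = $d.'#text'
    }
    [pscustomobject]@{
        TimeCreated = $e.TimeCreated
        Account     = '{0}\{1}' -f $data['TargetDomainName'], $data['TargetUserName']
        LogonType   = $data['LogonType']      # e.g. 3 = network, 10 = remote interactive
        SourceIp    = $data['IpAddress']
        Workstation = $data['WorkstationName']
        Status      = $data['Status']         # NTSTATUS code for the failure
        SubStatus   = $data['SubStatus']      # more specific failure reason
    }
}

# Chronological detail of the events behind the alert.
$rows | Sort-Object TimeCreated | Format-Table -AutoSize

# Which account/source pairs account for the failures.
$rows | Group-Object Account, SourceIp |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize
```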