I have a correlation rule that fires when there are multiple failed
logins from a user. Currently we are getting false positives because the
system also considers the computer accounts that try to log in. I want
to filter out any computer accounts. Computer accounts end in $. Let me
know if someone knows how to filter out something that ends in $


anantpshah's Profile: https://forums.netiq.com/member.php?userid=6032
View this thread: https://forums.netiq.com/showthread.php?t=48859