Its possible to create a threshold for a specific user in a ESA rule?
We have a user that trigger many alerts For Brute Force Logins due to a misconfiguration her computer and OS. Our clients know that and are aware of the situation. So i contact with them came up an idea for creation of threshold for her.
For her user it only generates an incident/alert if its the 2.000 time it fails login for example...
Its possible to do that and where can we create the threshold?