Taken from inputs.conf on the deployment server:
blacklist1 = EventCode="4662"
blacklist2 = EventCode="566"
blacklist3 = EventCode="4776"
blacklist4 = EventCode="4768"
blacklist5 = EventCode="4769"
blacklist6 = EventCode="5156"
blacklist7 = EventCode="4658"
blacklist8 = EventCode="4656"
blacklist9 = Account_Name="SERVICE-ACCOUNT-NAME"
The above blacklist works perfect for all EventCodes noted, but I am trying to blacklist activity (specifically high volumes of login events) for particular service accounts.
Is this possible?
... View more