Thanks Derin
Very comprehensive report, impressive!
But not the exact thing I was looking for. I would like to utilize the Insight DB (at least I think the failed authentication counter is found in this database) as authorization source and if a device have more than, let's say, 100 failed authentications it should be handled in another way in the enforcement policy.
------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDA, ACNSA, ACEA
Aranya AB
------------------------------
Original Message:
Sent: Jun 01, 2021 05:03 AM
From: Derin Mellor
Subject: Use number of failed authentications for a devices in Enforcement policy
Jonas,
I wrote some code that generates this report and a raft of other reports.
Have a look at the attached Summary and Detailed reports.
I've also included the code that generates this in the zip file. If you want to try it have a read on the included readme file.
Regards Derin
------------------------------
Derin Mellor
Original Message:
Sent: May 31, 2021 10:48 AM
From: Jonas Hammarback
Subject: Use number of failed authentications for a devices in Enforcement policy
Hi
Is it possible to use the counter in the Insigth database for number of failed authentications in an Enforcement policy?
The case I'm thinking about is if a device fail to authenticate numerous times a message should be sent to take care of the device, or an specific Enforcement policy be applied to this device limiting the amount of new requests it can send for some time.
------------------------------
Best Regards
Jonas Hammarbäck
ACCX #1335, ACMP, ACDA, ACNSA, ACEA
Aranya AB
------------------------------