Hi Guys,
Currently we can configure alerting for Radius Auth failures using insight based on the no of failures for x amount of time.
Can we customize this alert to trigger based of number of auth failures seen for different users?
N no of failures are seen for x minutes of time for different user.
I am not looking for an alert based on the cumulative count of all users
Eg: User X had 4 auth failures in last 5 minutes
Background:
I am trying to setup alerting for users whose devices have undergone consecutive failures (mostly phones remembering old passwords) to avoid account lockouts or alert IT support so they can inform the users about the same.
There are ways to tweak the LDAP filters to ensure Clearpass can refrain from sending the request which can lead to account lockout.
However, that requires Clearpass to always check against PDC as that maintains the badpwdcount parameter value globally. However, it is not feasible to do that in our case.