Looking to enable the ‘Suspicious Authentication - Non-Approved Country’ detection rule. It states “The following authentication is from a country not in the approved list.”
But where do I set the countries I want approved? There’s no where within the rule and I can’t find an approved countries list anywhere else.
The easiest way to go about this is just to create an exception for the countries you don’t want to be alerted for. At least this is what we have done in the past.
Hey, What exactly do you need? I don’t quite understand the problem.
This is an MDR (Managed IDR) Rule that is maintained by the SOC at your request. Your Customer Advisor may add/remove countries as you require.
David