Example: disabling alert escalations for a specific situation

You might want to disable alert escalations for a specific Situation, as shown in the following example.

The administrators at company A notice that the system issues an alert every time someone mistypes their password when logging on using the Management Client. They have already set up their IPS to detect several failed logons within a short period, which is the pattern that could indicate malicious activity (for example, a brute-force attempt). Because that case is covered, they decide that they do not want to receive alert notifications about individual failed logons.

The administrators:

  1. Create an Alert Chain and name it Auto-acknowledge.
  2. Set the final action for the Auto-acknowledge Alert Chain to Acknowledge without adding any new rows.
  3. Add the following new rule at the top of the Alert Policy:
    Sender   Alert and Situation                                  Chain
    ANY      "Management Server: Login Failed" Situation Element  "Auto-acknowledge" Alert Chain
  4. Refresh the Alert Policy on the Shared Domain.

Alerts for failed logons are still generated and stored in the logs, but they do not trigger any alert notification and they are never shown in the Active Alerts view. Because the alerts are still stored, reports can still include information about failed logon attempts, for example to highlight excessive logon failures.
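The following is an added illustration, not SMC code and not the SMC API: a small Python model of how an ordered Alert Policy hands an alert to an Alert Chain. It assumes, as the "add the rule at the top" step implies, that rules are matched top-down and the first match wins, and that a chain whose final action is Acknowledge leaves the alert stored but never active. The second chain ("Notify admins"), the "Escalate" action label, the second Situation name and the sample alerts are all constructed for the example.

```python
"""Toy model of Alert Policy evaluation (added example, not SMC code).

Assumptions: rules are matched top-down, first match wins; a chain whose
final action is Acknowledge stores the alert but keeps it out of Active Alerts.
"""
from __future__ import annotations

from dataclasses import dataclass, field
from typing import Optional

LOGIN_FAILED = "Management Server: Login Failed"


@dataclass
class Alert:
    situation: str
    sender: str
    message: str = ""


@dataclass
class AlertChain:
    name: str
    final_action: str                              # "Acknowledge" or "Escalate" (hypothetical label)
    rows: list[str] = field(default_factory=list)  # notification rows, e.g. "email admins"


@dataclass
class Rule:
    sender: Optional[str]       # None stands for ANY
    situation: Optional[str]    # None stands for ANY
    chain: AlertChain

    def matches(self, alert: Alert) -> bool:
        return (self.sender in (None, alert.sender)
                and self.situation in (None, alert.situation))


@dataclass
class Outcome:
    stored: bool                # every alert is written to the log, whatever the chain does
    notifications: list[str]    # rows executed by the matched chain
    active: bool                # shown in the Active Alerts view?
    chain: Optional[str]        # name of the matched chain, None if no rule matched


def evaluate(policy: list[Rule], alert: Alert) -> Outcome:
    """Walk the policy top-down; the first matching rule's chain handles the alert."""
    for rule in policy:
        if rule.matches(alert):
            active = rule.chain.final_action != "Acknowledge"
            return Outcome(True, list(rule.chain.rows), active, rule.chain.name)
    # No rule matched: stored, nobody notified, left active (assumption for this model)
    return Outcome(True, [], True, None)


# Chains: the one the procedure creates (no rows), plus a hypothetical pre-existing default
AUTO_ACK = AlertChain("Auto-acknowledge", final_action="Acknowledge")
ESCALATE = AlertChain("Notify admins", final_action="Escalate", rows=["email admins"])


def company_a_policy() -> list[Rule]:
    """Step 3 of the procedure: the Login Failed rule sits above the existing catch-all."""
    return [
        Rule(sender=None, situation=LOGIN_FAILED, chain=AUTO_ACK),
        Rule(sender=None, situation=None, chain=ESCALATE),
    ]


def misordered_policy() -> list[Rule]:
    """Same two rules with the new one placed below the catch-all: it is shadowed."""
    return list(reversed(company_a_policy()))


# Constructed sample alerts (not real SMC log entries)
LOGIN_ALERT = Alert(LOGIN_FAILED, "Management Server", "mistyped password in Management Client")
OTHER_ALERT = Alert("Example: Other Situation", "Firewall", "hypothetical unrelated alert")


if __name__ == "__main__":
    for name, policy in (("correct order", company_a_policy()),
                         ("auto-ack rule below catch-all", misordered_policy())):
        for alert in (LOGIN_ALERT, OTHER_ALERT):
            out = evaluate(policy, alert)
            print(f"{name:30} {alert.situation:28} -> chain={out.chain!s:16} "
                  f"notified={out.notifications} active={out.active}")
```

Running the model shows the two points the procedure relies on: with the rule at the top, a Login Failed alert is stored but produces no notification and is not active, while unrelated alerts still reach the existing chain; with the same rule placed below a catch-all, it never matches and the failed logons keep notifying, which is why step 3 says "at the top".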