Hi Team,
We would like to request a feature to capture and display failed login attempts originating from restricted IP addresses within the Audit Log. This visibility is currently missing, directly impacting our security and administration teams.
This feature addresses a security blind spot where access attempts rejected by IP restrictions go unrecorded. The lack of this data prevents us from quantifying external threats, assessing the frequency of targeted attacks, or identifying patterns of malicious behavior. This inability to track and monitor perimeter blocks limits our security governance and complicates compliance audits, as we lack auditable proof that these specific controls are being tested and holding firm. We are not currently using a workaround for this issue.
Our ideal solution would be the inclusion of a specific event type, such as “Failed Login – IP Restricted,” within the Audit Log. Each event should include the timestamp and originating IP address and be accessible via the Audit Log for export and integration into our broader security monitoring tools.