improved
Filter for authenticated events
10 months ago by Sebastian Wallin
We've added a new filter for querying whether an event is considered "authenticated" vs. "anonymous". Authenticated events mean that it was caused by an authenticated user. An example of a non-authenticated is a failed login event, where the credentials match a known user, but where it’s not confirmed that it actually was triggered by the legitimate, authenticated user. Same with password reset requests.
For example, if you set up a policy for detecting account sharing, you'd enable this filter to ensure that you're detecting overlapping activity from logged-in users only.
