It would be nice to be able to attach criteria to the distribution policies. For example:
Do not distribute (i.e. Drop...) successful windows logon events for user domain\serviceaccount that log in over the network from host 1.2.3.4
My specific example is my Orion service account. It logs in thousands of times per minute across the network while performing its various checks. As long as the requests come from my orion host.
Thanks
dave
