Bundle ASNs of common ISP providers together (i.e. put all AT&T ASNs into one AT&T bucket) so that if a logon session switches between two ASNs owned by the same ISP it's not treated as an anomalous change. I think this is pretty safe (at least for US based ISPs) and would greatly cut down on noise.
Bundle ASNs of common ISP providers together (i.e. put all AT&T ASNs into one AT&T bucket) so that if a logon session switches between two ASNs owned by the same ISP it's not treated as an anomalous change. I think this is pretty safe (at least for US based ISPs) and would greatly cut down on noise.