yarox24 / attack_monitor

Endpoint detection & Malware analysis software
GNU General Public License v3.0

Alert suppression/aggregation - feature request #2

Open ewilded opened 5 years ago

ewilded commented 5 years ago

It would be nice to have some sort of customisable (so it can be adjusted/disabled in config at the user's will) alert suppression mechanism.

For example, if there were more than 3 alerts within the last 20 seconds, just display another one with a message like 'More alerts suppressed, please see the C:\Program Files\Attack Monitor\logs\2019-05-13.txt log file for more details'. And add an option for how long to ignore alerts from being displayed after such a threshold is reached. This could help prevent situations when (I experience this especially after wakeup from sleep) a bunch of alerts queue up and it takes several minutes to get rid of them by clicking one after another, which at the same time can impede GUI usage of other active windows (e.g. a web browser, that's exactly the spot where my 'full screen' option is on youtube/netflix :P).

I do understand this is part and parcel of the early stage of learning, so it should gradually be less of a problem once proper learning rules are added in learning mode; however, I do realize every system is unique and therefore everyone needs to adjust their own normalcy rules individually, so more users will face this issue regardless of the maturity of the pre-defined exceptions.json file coming with the installation.
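One way to implement the threshold-plus-cooldown suppression the request describes, as an added Python example (not Attack Monitor's own code). The 3-alerts-in-20-seconds threshold and the log path come from the comment; the 60-second cooldown default, the `AlertSuppressor` name and the in-memory `log` list standing in for the log file are assumptions.

```python
from collections import deque

# Log path quoted in the feature request (used here only in the summary text).
LOG_FILE = r"C:\Program Files\Attack Monitor\logs\2019-05-13.txt"


class AlertSuppressor:
    """Rate-limit GUI pop-ups: more than `max_alerts` within `window_seconds`
    triggers one summary pop-up, after which pop-ups stay hidden for
    `cooldown_seconds`. Every alert is still written to the log, so nothing
    is lost, only the on-screen noise."""

    def __init__(self, max_alerts=3, window_seconds=20.0,
                 cooldown_seconds=60.0, log_file=LOG_FILE):
        self.max_alerts = max_alerts
        self.window = window_seconds
        self.cooldown = cooldown_seconds
        self.log_file = log_file
        self.recent = deque()    # timestamps of pop-ups shown inside the window
        self.muted_until = None  # time at which the current cooldown ends
        self.suppressed = 0      # pop-ups hidden during the current cooldown
        self.log = []            # assumption: stands in for the on-disk log file

    def handle(self, alert, now):
        """Return ('show', alert), ('summary', text) or ('suppress', None)."""
        self.log.append((now, alert))  # the log never drops an alert
        if self.muted_until is not None:
            if now < self.muted_until:
                self.suppressed += 1
                return ("suppress", None)
            self.muted_until = None    # cooldown over: count afresh
            self.recent.clear()
        # Forget pop-ups that fell out of the sliding window.
        while self.recent and now - self.recent[0] > self.window:
            self.recent.popleft()
        self.recent.append(now)
        if len(self.recent) > self.max_alerts:
            self.muted_until = now + self.cooldown
            self.suppressed = 1        # this alert is the first one hidden
            return ("summary", "More alerts suppressed, please see the "
                    f"{self.log_file} log file for more details")
        return ("show", alert)


def simulate(events, **kwargs):
    """Feed (timestamp, alert) pairs through one suppressor; return the actions."""
    supp = AlertSuppressor(**kwargs)
    return [supp.handle(alert, t)[0] for t, alert in events]


# Constructed burst: four alerts in 4 s (like a post-wakeup queue), one more
# during the cooldown, then one after it has expired.
BURST = [(0, "a"), (1, "b"), (2, "c"), (3, "d"), (10, "e"), (70, "f")]
```

Running `simulate(BURST)` yields `show, show, show, summary, suppress, show`: the fourth alert inside the window collapses into the summary pop-up, the fifth is hidden, and the sixth is shown again once the cooldown has lapsed.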