Manage Denied Login Locations

If the Denied Login Locations rule is configured, alerts are generated only for sign-in attempts from listed countries.

Note: If this rule is configured, the option to configure Approved Login Locations is disabled.
These resources are required:
  • Administrator permissions for the Arctic Wolf Unified Portal.

    You must be a primary or secondary contact. If you require this level of access, submit your request to a primary or secondary contact in your organization, or click Request an Update. For more information, see Request an alert configuration rule update.

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Alert Configuration Rules.
  3. Click Manage Configurations.
  4. For the Restricted Country User Allowlist rule, under Actions, click Create Configuration or View.
    The option that appears depends on whether this rule is already configured.
    Note: Time-related fields and suppressions default to Coordinated Universal Time (UTC) and not your local timezone.
  5. Do one of these actions:
    • To edit an existing entry — In the corresponding table row, under Actions, click Edit.
    • To add a new entry — Click Add Entries .
  6. Edit the list of approved countries:
    • To add a country — In the Add Countries field, start typing the name of a country, and then select a country from the list.
    • To remove a country — Click for a country listed under the Add Countries field.
  7. Optional: To configure start and end dates for this entry, in each date field, click Calendar and select a date.
    Tip: The rule will expire on the end date. For example, if the selected end date is March 16, the rule will be effective on March 15 and will stop being effective on March 16.
  8. Click Apply.