Policy settings/event collection - differentiate public vs private network access

It would be great if we could limit network event tracking to just external access attempts instead of everything. Maybe have two checkboxes - internal network and external network, where internal network is defined as ips in the commonly assigned private network ranges typically used.

Howdy @yak990

This is a good idea. I expected you'd be able to accomplish this using event filters. However looking at it, I think you would need to add every IP address you want to drop and it doesn't seem very user friendly.

I've logged an enhancement request to add this feature here Hopefully we can relatively quickly add the option to drop private network ranges, and then later add a more complete filtering option that lets you specify networks to drop events from.

Thanks for the feedback, and logging the enhancement request!