Currently, all alerts generated by the Attack Surface Analyzer (ASA) are fully predefined and cannot be customized. Unlike standard ADAudit Plus alert profiles, there is no way to:

• Suppress false positives for specific accounts, computers, or OUs (e.g. whitelisting service accounts from Kerberoasting alerts)
• Configure notification recipients or channels per alert type

Use case:

In environments where certain privileged service accounts intentionally use configurations that the ASA flags, administrators have no way to suppress specific false positives. This leads to alert fatigue and reduces the operational value of the ASA.

Requested improvement:

Please introduce a management interface for ASA alerts that allows administrators to:

1. Define exclusions (specific users, computers, OUs) per alert rule
2. Configure notification targets per alert type

This would bring ASA alerts in line with the flexibility already available elsewhere in ADAudit Plus and significantly improve day-to-day usability.