Synopsis
The LCE reports VPN connections coming from an IP address that does not match one of a user's typical IPs.
Description
For VPN users, the LCE maintains a list of the first few IPs from which the user connects, and considers these normal. A connection from the user outside of the normal list will be reported as an unusual VPN connection. For a more detailed report, please review the realtime logs under the 'login' event type for this system.
