We have a scanning tool that hits every SQL server with bad logins on a regular basis. this generates Sev 20 errors in the log, which si good. however, I don't really want to deal with a few hundred of these a week from a know source. Is there a way to scope the DBSS - SQL Server Fatal Current Process Error rule to exclude any error message that has "10.10.10.10" (Fake IP for or scanning tool) in the text of the error?