Currently GWIA's (and supporting infrastructure) intruder detection is an all or nothing, where if an intruder tries to brute force attempt to log in, the legitimate user gets blocked.
We need a method within GWIA to block only the intruder attempts while letting the user still use the system.
A current work around is but this would work much better if it was built in to GWIA to handle directly without waiting for the attack to show in the logs.