We would like to enable Account Lockout in Active Directory with this policy: 15 failed logons in 10 minutes will result in a lockout.
Up front, we would like to simulate which users will be hit by this policy.
We use Winlogbeat to collect the data. The fields we need for the simulation are user.name together with the timestamp.
The challenge here is that we need to create a Kibana visualization that sums up the count for each user over 10 minutes, every minute.
We could see there is a possibility called "moving average", but we cannot make it work.
Could you please help us with that?
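
The rolling count described in the question can also be simulated offline; the following is an added example, not part of the original post. It assumes the failed-logon events have been exported from the Winlogbeat index as (timestamp, user.name) pairs; the function names and the sample events are hypothetical and constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

THRESHOLD = 15                     # failed logons (policy from the post)
WINDOW = timedelta(minutes=10)     # observation window (policy from the post)

def simulate_lockouts(events, threshold=THRESHOLD, window=WINDOW):
    """events: (ISO timestamp, user.name) pairs, one per failed logon.
    Returns {user: (peak count seen in any window,
                    first time the threshold was reached, or None)}."""
    recent = defaultdict(deque)    # per-user timestamps still inside the window
    result = {}
    for ts, user in sorted((datetime.fromisoformat(t), u) for t, u in events):
        q = recent[user]
        q.append(ts)
        while ts - q[0] >= window:  # drop failures that fell out of the window
            q.popleft()
        peak, first_hit = result.get(user, (0, None))
        if first_hit is None and len(q) >= threshold:
            first_hit = ts
        result[user] = (max(peak, len(q)), first_hit)
    return result

def constructed_events():
    """Constructed sample data, not real logs."""
    base = datetime(2024, 1, 1, 8, 0, 0)
    ev = []
    # alice: 15 failures 30 s apart, all inside 7 minutes
    ev += [((base + timedelta(seconds=30 * i)).isoformat(), "alice")
           for i in range(15)]
    # bob: 20 failures 1 min apart, never more than 10 in any 10-minute window
    ev += [((base + timedelta(minutes=i)).isoformat(), "bob")
           for i in range(20)]
    return ev

if __name__ == "__main__":
    for user, (peak, hit) in sorted(simulate_lockouts(constructed_events()).items()):
        print(f"{user}: peak={peak} would_lock_out_at={hit}")
```

The peak value shows how close each user comes to the threshold, which helps when comparing alternative threshold or window settings before enabling the policy.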