Hi Guys,
We would like to enable Account Lockout in Active Directory with this policy: 15 failed logons in 10 min will cause a lockout.
Up front, we would like to simulate which user will be hit by this policy.
We use Winlogbeat to collect the data. The fields we need for the simulation are user.name together with the timestamp.
The challenge here is that we need to create a Kibana visualization that sums up all the counts for each user over 10 min, every minute.
We could see there is a possibility called "moving average", but we cannot make it work.
Could you please help us with that?
I mean that every minute it must look at the next 10 minutes to see if the sum of the count (failed logons) for each individual user is more than 15 times.
For example, let's say I am looking at the failed logons from 10:00 to 11:00:
10:00 to 10:10 --> take a look at each individual user and sum up all the count for failed logon
10:01 to 10:11 --> take a look at each individual user and sum up all the count for failed logon
10:02 to 10:12 --> take a look at each individual user and sum up all the count for failed logon
...
11:00
I hope I could explain my issue.
Thanks for your time.
Thanks for the link. But I do not want any watcher or alert. What I want is to create a dashboard and look at historical data. I would appreciate it if you could help with that.
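
The per-minute, 10-minute window count described in the question, as an added example that is not part of the original thread: it replays historical failed-logon events offline and lists every window in which a user would reach the threshold. The function name, the `(timestamp, user_name)` input shape, the sample data and the choice to treat the threshold as "15 or more" are assumptions.

```python
from bisect import bisect_left
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)  # observation window from the post
THRESHOLD = 15                  # failed logons from the post; ">=" is an assumption
STEP = timedelta(minutes=1)     # a new window starts every minute


def simulate_lockouts(events, window=WINDOW, threshold=THRESHOLD):
    """events: iterable of (timestamp, user_name), one per failed logon.

    Returns {user: [(window_start, count), ...]} listing every minute-aligned
    window [start, start + window) in which the user reaches the threshold.
    """
    per_user = defaultdict(list)
    for ts, user in events:
        per_user[user].append(ts)

    hits = {}
    for user, stamps in per_user.items():
        stamps.sort()
        # Windows that start before the first failure only see a subset of
        # the first window, so begin at the minute of the first failure.
        start = stamps[0].replace(second=0, microsecond=0)
        flagged = []
        while start <= stamps[-1]:
            lo = bisect_left(stamps, start)
            hi = bisect_left(stamps, start + window)
            if hi - lo >= threshold:
                flagged.append((start, hi - lo))
            start += STEP
        if flagged:
            hits[user] = flagged
    return hits


# Constructed sample data (not from the thread): alice has a burst of 20
# failures 20 s apart, bob has 20 failures spread over an hour.
T0 = datetime(2024, 1, 1, 10, 0, 0)
SAMPLE = [(T0 + timedelta(minutes=3, seconds=20 * i), "alice") for i in range(20)]
SAMPLE += [(T0 + timedelta(minutes=3 * i), "bob") for i in range(20)]

if __name__ == "__main__":
    for user, windows in simulate_lockouts(SAMPLE).items():
        for start, count in windows:
            print(f"{user}: {count} failed logons in 10 min from {start:%H:%M}")
```

Feed it the timestamp and user.name values of the failed-logon events exported from the Winlogbeat index to see which accounts the policy would have locked.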