Hello Community;

Please show me some help on writing a rule on Kibana interface.

I want to detect users who are failed to logon 5 times to their account.

i've already detect failed logon attempt based on EventID = 4625

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.