Hi, I've created my own detection rule for employees failed login attempts. It does work but when signal comes to Security -> Detection dashboard, it do not show user.name or host.name.
This is screen shot of my rule:
Is there a way to update my rule that it would show user.name or host.name?
This is a screen shot of fired signal: