Elasticsearch query multiple logs

Hi, I am pretty new with Elasticsearch.
We gather Windows AD Auth logs from Domain Controllers. We want to set up a watcher to query 10 user failed authentication attempts in 2 mins. Attempt count will be 1x. Can you please help me with the query?
Thanks in advance!

https://github.com/elastic/examples/tree/master/Alerting/Sample%20Watches has a number of examples that might help you build what you want.
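As an added example (not code from the original thread or from the linked repository), here is a watch body, the JSON sent with `PUT _watcher/watch/failed_logons`, that implements the rule described in the question: every two minutes, count Windows failed-logon events (event ID 4625) from the last two minutes per target user and fire when any single user has reached 10. The index pattern `winlogbeat-*` and the field names `event_id` and `event_data.TargetUserName` are assumptions that depend on the shipper and version in use (ECS-style Winlogbeat names them `winlog.event_id` and `winlog.event_data.TargetUserName`); adjust them to the mapping in your cluster.

```json
{
  "metadata": {
    "description": "Assumed example: alert when a user has 10+ failed AD logons (event 4625) in 2 minutes",
    "threshold": 10
  },
  "trigger": {
    "schedule": { "interval": "2m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["winlogbeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "event_id": 4625 } },
                { "range": { "@timestamp": { "gte": "now-2m", "lt": "now" } } }
              ]
            }
          },
          "aggs": {
            "by_user": {
              "terms": {
                "field": "event_data.TargetUserName",
                "min_doc_count": 10,
                "size": 50
              }
            }
          }
        }
      }
    }
  },
  "condition": {
    "script": {
      "source": "return ctx.payload.aggregations.by_user.buckets.size() > 0"
    }
  },
  "actions": {
    "log_failed_logons": {
      "throttle_period": "10m",
      "logging": {
        "text": "Users with >= {{ctx.metadata.threshold}} failed logons in the last 2 minutes: {{#ctx.payload.aggregations.by_user.buckets}}{{key}} ({{doc_count}}) {{/ctx.payload.aggregations.by_user.buckets}}"
      }
    }
  }
}
```

The threshold is enforced by `min_doc_count` on the terms aggregation, so the condition only needs to check whether any bucket came back; the `logging` action is a placeholder you would replace with an `email` or `webhook` action, and `throttle_period` keeps a sustained burst from re-alerting every two minutes. Because the trigger interval equals the query window, each event is evaluated roughly once; shorten the interval (for example `1m`) if you want overlapping windows so a burst straddling two intervals is still caught.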
