Hi,
I'm new to Elasticsearch. My question is: I need to filter my logs for successful brute force attacks. The criteria that I'm using: I want logs that have the same time intervals (mirror time), have more than three authentication failures, and have logged in successfully after the 3rd authentication failure.
What I need help with is a filter script query that can give me those logs; if I am using the wrong criteria, please correct me.
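The criteria described in the post (a burst of authentication failures from the same source against the same account, followed by a success inside the same time window) are a correlation across several events, not a property of any single document, so a plain filter or script query, which evaluates one document at a time, cannot express them on its own. The following is an added example, not code from the post or from Elastic, that implements that correlation in Python over constructed ECS-shaped events. The field names (`@timestamp`, `source.ip`, `user.name`, `event.outcome`), the 5-minute window and the failure threshold of 3 are assumptions and parameters, not anything the post specifies.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), loosely following ECS field
# names. Timestamps are deliberately out of order to show that the
# detection sorts per (source.ip, user.name) before correlating.
SAMPLE_EVENTS = [
    # alice from 203.0.113.7: four failures then a success within 20 seconds
    {"@timestamp": "2024-01-10T08:00:14Z", "source": {"ip": "203.0.113.7"}, "user": {"name": "alice"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T08:00:01Z", "source": {"ip": "203.0.113.7"}, "user": {"name": "alice"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T08:00:20Z", "source": {"ip": "203.0.113.7"}, "user": {"name": "alice"}, "event": {"outcome": "success"}},
    {"@timestamp": "2024-01-10T08:00:05Z", "source": {"ip": "203.0.113.7"}, "user": {"name": "alice"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T08:00:09Z", "source": {"ip": "203.0.113.7"}, "user": {"name": "alice"}, "event": {"outcome": "failure"}},
    # bob from 198.51.100.4: only two failures before success (a typo, not an attack)
    {"@timestamp": "2024-01-10T09:00:00Z", "source": {"ip": "198.51.100.4"}, "user": {"name": "bob"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T09:00:30Z", "source": {"ip": "198.51.100.4"}, "user": {"name": "bob"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T09:01:00Z", "source": {"ip": "198.51.100.4"}, "user": {"name": "bob"}, "event": {"outcome": "success"}},
    # carol from 192.0.2.9: three failures, but the success comes 30 minutes later
    {"@timestamp": "2024-01-10T10:00:00Z", "source": {"ip": "192.0.2.9"}, "user": {"name": "carol"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T10:00:10Z", "source": {"ip": "192.0.2.9"}, "user": {"name": "carol"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T10:00:20Z", "source": {"ip": "192.0.2.9"}, "user": {"name": "carol"}, "event": {"outcome": "failure"}},
    {"@timestamp": "2024-01-10T10:30:00Z", "source": {"ip": "192.0.2.9"}, "user": {"name": "carol"}, "event": {"outcome": "success"}},
    # dave: a clean login with no prior failures
    {"@timestamp": "2024-01-10T11:00:00Z", "source": {"ip": "192.0.2.50"}, "user": {"name": "dave"}, "event": {"outcome": "success"}},
]


def parse_ts(value):
    """Parse the ISO-8601 UTC timestamp format used by the sample events."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def find_successful_bruteforce(events, window=timedelta(minutes=5), min_failures=3):
    """Correlate auth events per (source.ip, user.name) and report every
    success that was preceded by at least `min_failures` failures, all of
    them within `window` of the success. Both defaults are assumptions."""
    by_key = defaultdict(list)
    for e in events:
        key = (e["source"]["ip"], e["user"]["name"])
        by_key[key].append((parse_ts(e["@timestamp"]), e["event"]["outcome"]))

    detections = []
    for (src_ip, user), seq in by_key.items():
        seq.sort()  # correlate in time order regardless of ingest order
        recent_failures = []  # failure timestamps still inside the window
        for ts, outcome in seq:
            # Slide the window: drop failures older than `window` before `ts`.
            recent_failures = [f for f in recent_failures if ts - f <= window]
            if outcome == "failure":
                recent_failures.append(ts)
            elif outcome == "success":
                if len(recent_failures) >= min_failures:
                    detections.append({
                        "source_ip": src_ip,
                        "user": user,
                        "failure_count": len(recent_failures),
                        "first_failure": recent_failures[0].isoformat(),
                        "success": ts.isoformat(),
                    })
                # A success ends the burst; start counting afresh afterwards.
                recent_failures = []
    return detections


if __name__ == "__main__":
    for hit in find_successful_bruteforce(SAMPLE_EVENTS):
        print(hit)
```

Run as a script it prints one detection, for alice from 203.0.113.7 with four failures; bob falls below the threshold, and carol's success is outside the 5-minute window (widen `window` to an hour and she is reported too). The same idea can be pushed into Elasticsearch itself, for example with an EQL `sequence` query constrained by a maximum span, but whichever tool runs it, the logic stays a per-source, per-user correlation over a time window rather than a filter on individual documents.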