I am trying to find a query or filter to help me solve an issue. I have MFA logs coming into Elastic and I am trying to create an alert to let me know when an account authenticates using a phone number that is already used by another account. Is there a query or filter that I can use to achieve this search.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
Hi @vpolius,
I would recommend if you can share the sample JSON document of MFA logs which saved in Elasticsearch ? and what output you expecting by performing filter query on it?