Spike in failed logon events ML rule alerting

Hi everyone

I am experimenting with the ML learning rule that alerts when a spike happens in failed logon events. I did an RDP bruteforce from Kali to Windows; in the bruteforce the password did get guessed, so the host is actually compromised. The alert just gives a low severity alert, so it would be better if another alert gets sent if a successful logon happened during the spike.

What would be an easy way to do this?
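One way to express the follow-up detection described above, as an added example that is not from the original post or from Elastic: correlate a burst of failed logons with a later success from the same source and raise a separate, higher-severity finding. The ECS-style field names, the sample events, the threshold of 5 failures and the 5-minute window are all assumptions for the example.

```python
"""Flag a successful logon that follows a burst of failures from the same source.

Added example, not code from the original post or from Elastic. The ML rule in
the post fires on the spike alone; this pass over ECS-shaped authentication
events (modelled on Windows 4625/4624) adds a finding only when the burst is
followed by a success. Field names and thresholds are assumptions.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta


def _ev(ts, ip, user, outcome):
    return {"@timestamp": ts, "source.ip": ip, "user.name": user, "event.outcome": outcome}


# Constructed sample events (not real telemetry).
EVENTS = (
    # eight failures from one source, then a success: the compromise in the post
    [_ev(f"2024-05-01T10:00:{s:02d}Z", "10.0.0.5", "administrator", "failure") for s in range(0, 40, 5)]
    + [_ev("2024-05-01T10:01:30Z", "10.0.0.5", "administrator", "success")]
    # a user mistyping twice and then succeeding: stays below the threshold
    + [_ev("2024-05-01T10:02:00Z", "10.0.0.9", "bob", "failure"),
       _ev("2024-05-01T10:02:10Z", "10.0.0.9", "bob", "failure"),
       _ev("2024-05-01T10:02:20Z", "10.0.0.9", "bob", "success")]
    # a later success with no preceding failures in the window
    + [_ev("2024-05-01T11:00:00Z", "10.0.0.5", "administrator", "success")]
)


def _parse_ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def detect_bruteforce_success(events, threshold=5, window=timedelta(minutes=5)):
    """Return one finding per success preceded by >= threshold failures
    from the same source.ip within the window (sliding, per source)."""
    recent_failures = defaultdict(deque)  # source.ip -> timestamps of failures still in window
    findings = []
    for ev in sorted(events, key=lambda e: e["@timestamp"]):  # fixed-width ISO strings sort correctly
        ts, src = _parse_ts(ev["@timestamp"]), ev["source.ip"]
        recent = recent_failures[src]
        while recent and ts - recent[0] > window:  # expire failures that fell out of the window
            recent.popleft()
        if ev["event.outcome"] == "failure":
            recent.append(ts)
        elif ev["event.outcome"] == "success" and len(recent) >= threshold:
            findings.append({"source.ip": src, "user.name": ev["user.name"],
                             "failures_before_success": len(recent),
                             "success_at": ev["@timestamp"], "severity": "high"})
            recent.clear()  # one finding per burst, not one per later success
    return findings
```

Lowering `threshold` shows the trade-off: at 2 the mistyped-password case also fires, so the value has to be tuned against normal failure rates in the environment.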
