Hello,
I'm new in ELK
I want to create an alert if a windows user makes a successful login after he make 3 failed authentication
that's mean after 3 failed (4625 event id ) and 1 success (4624 event id ) he make alert
I use winlogbeat to collect log from windows machine
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
