I am trying to configure an alert to email admins whenever there is a new user connecting to a VPN.
I am fairly new to the Elastic platform and need some assistance in creating these alerts.
The only pre-built alert I see is for macOS.
Any help on this is greatly appreciated.
Are you collecting VPN access logs with some beat?
There are many modules in Filebeat that can help you with this connection log collection. Once the logs are in your Elasticsearch, you can create alerts via Watcher using Kibana:
Watcher | Kibana Guide [8.1] | Elastic