Watch for login failure in Windows events with Watcher

I want to alert when there is some number of Windows authentication failure events within a certain period of time. Can somebody help me with the code? I am new to this.


Maybe you can share what you tried so far? This would make it easier to guide you into a direction. From what I imagine, you need to execute a query that filters for events in the last few minutes and that are a login failure. For beginners you can use the total number of documents as an indicator if you want to trigger an alert.
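
The approach described in the reply, written out as a watch body (an added example, not part of the original posts). It is the body for `PUT _watcher/watch/<watch-id>`. The `winlogbeat-*` index pattern, the ECS field `event.code` holding Windows event ID 4625 (failed logon), the 5-minute window, the threshold of 10 and the throttle period are all assumptions to adjust for your own data.

```json
{
  "metadata": {
    "note": "Added example. Index pattern, field name, window and threshold are assumptions."
  },
  "trigger": {
    "schedule": { "interval": "1m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["winlogbeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "event.code": "4625" } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gte": 10 } }
  },
  "throttle_period": "15m",
  "actions": {
    "log_failed_logons": {
      "logging": {
        "text": "{{ctx.payload.hits.total}} failed Windows logons in the last 5 minutes"
      }
    }
  }
}
```

The `size: 0` setting returns only the document count, which is all the condition needs; `throttle_period` keeps a sustained burst of failures from firing the action every minute.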

