Watch for login failures in Windows events with Watcher

I want to alert when there is some number of Windows authentication failure events within a certain period of time. Can somebody help me with the code? I am new to this.

hey,

maybe you can share what you tried so far? This would make it easier to guide you into a direction. From what I imagine, you need to execute a query that filters for events in the last few minutes and that are a login failure. For beginners you can use the total number of documents as an indicator if you want to trigger an alert.

--Alex
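A watch along the lines described in the reply above, added here as an example and not posted by anyone in the thread. It is the request body for `PUT _watcher/watch/<watch_id>`. The `winlogbeat-*` index pattern, the ECS field `event.code`, the 5-minute window and the threshold of 10 are assumptions to adjust to your data; 4625 is the Windows event ID for a failed logon.

```json
{
  "metadata": {
    "note": "Added example. Index pattern, field name, window and threshold are assumptions."
  },
  "trigger": {
    "schedule": { "interval": "5m" }
  },
  "input": {
    "search": {
      "request": {
        "indices": ["winlogbeat-*"],
        "body": {
          "size": 0,
          "query": {
            "bool": {
              "filter": [
                { "term": { "event.code": "4625" } },
                { "range": { "@timestamp": { "gte": "now-5m" } } }
              ]
            }
          }
        }
      }
    }
  },
  "condition": {
    "compare": { "ctx.payload.hits.total": { "gte": 10 } }
  },
  "actions": {
    "log_failed_logons": {
      "logging": {
        "text": "{{ctx.payload.hits.total}} failed Windows logons (event 4625) in the last 5 minutes"
      }
    }
  }
}
```

The condition uses the total number of matching documents as the alert indicator; the logging action can be replaced with an email or webhook action once the count looks right.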
