3 Replies Latest reply on Dec 2, 2016 7:57 AM by silverwolf

    correlation rule for windows login

    reply.prak

      Dear Friends,

       

      I just want to create a rule for windows domain controller login attempt.

      if three failed attempts from same machine and then passed logon attempt from same machine, should alert a rule.

       

      Please help..