3 Replies Latest reply on Dec 2, 2016 7:57 AM by silverwolf

    correlation rule for windows login


      Dear Friends,


      I just want to create a rule for windows domain controller login attempt.

      if three failed attempts from same machine and then passed logon attempt from same machine, should alert a rule.


      Please help..