Hi,
I would like create a rule in LEM that will give me an alert whenever it detects any logins failed or successful from external IP (Public IP). I plan to use the filter below (sample only for 10.0.0.0/8) but I think it would be more accurate if I can use CIDR notation but not sure if LEM currently supports it. Any inputs will be very much appreciated.
Thanks a lot!
Neil