Hi,
I created an alert to list attempts of brute force attacks.
Something like:
"source="WinEventLog:Security" EventCode = 4771 | transaction user, ip maxpause=10s | table user, ip, eventcount | WHERE eventcount > 10"
I am running the search in real-time and I can see the results but my alert is not working! The alert is configured in real-time and the trigger's condition is configured per-result, but I still don't receive any e-mail alert.
Best Regards,
Lopes.
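
The grouping that the search in the post describes, emulated in Python over constructed events, as an added example that is not part of the original post. The function name, the tuple layout and the sample data are assumptions, and the code approximates `transaction user, ip maxpause=10s` by treating each (user, ip) pair as its own group.

```python
from collections import defaultdict
from datetime import datetime, timedelta


def detect_bursts(events, maxpause=10, threshold=10):
    """events: iterable of (datetime, user, ip), one per EventCode 4771 record.

    Splits each (user, ip) stream into runs in which no gap between
    consecutive events exceeds `maxpause` seconds, and returns the runs
    whose event count is greater than `threshold`.
    """
    by_key = defaultdict(list)
    for ts, user, ip in events:
        by_key[(user, ip)].append(ts)

    alerts = []

    def close_run(user, ip, start, end, count):
        if count > threshold:
            alerts.append({"user": user, "ip": ip, "eventcount": count,
                           "duration": (end - start).total_seconds()})

    for (user, ip), times in by_key.items():
        times.sort()
        start = prev = times[0]
        count = 1
        for ts in times[1:]:
            if (ts - prev).total_seconds() <= maxpause:
                count += 1
            else:
                close_run(user, ip, start, prev, count)
                start, count = ts, 1
            prev = ts
        close_run(user, ip, start, prev, count)
    return alerts


def _burst(start, n, step, user, ip):
    # Helper for building constructed sample data: n events, `step` seconds apart.
    return [(start + timedelta(seconds=i * step), user, ip) for i in range(n)]


# Constructed sample events (not real log data).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = (
    _burst(T0, 12, 2, "alice", "10.0.0.5")     # 12 failures, 2 s apart: flagged
    + _burst(T0, 12, 15, "bob", "10.0.0.9")    # 15 s gaps break every run
    + _burst(T0, 10, 1, "carol", "10.0.0.7")   # exactly 10: not > 10
    + _burst(T0, 11, 1, "dave", "10.0.0.8")    # 11 in a row: flagged
    + _burst(T0 + timedelta(seconds=120), 5, 1, "dave", "10.0.0.8")
)
```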