Hi,
I’d like to know if it’s possible to create a stream with the following condition:
If specific user perform 10 failed logons within 5 minutes.
Thanks.
That’s possible if you’re using a fixed “user” attribute. Simply send all messages with failed logins of user X into a new stream and create that alert condition (“10 messages in this stream in the last 5 minutes”) for it.