I created an alert to list attempts of brute force attacks.
source="WinEventLog:Security" EventCode=4771 | transaction user, ip maxpause=10s | table user, ip, eventcount | where eventcount > 10
I am running the search in real-time and I can see the results but my alert is not working! The alert is configured in real-time and the trigger's condition is configured per-result, but I still don't receive any e-mail alert.
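The detection the search above expresses (EventCode 4771 events grouped per user and source IP, split wherever consecutive events are more than 10 s apart, flagged when a group holds more than 10 events), as an added Python example that is not part of the original thread; the log lines and their "timestamp user ip" layout are constructed for illustration and do not reproduce the Windows event format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample 4771 (Kerberos pre-authentication failure) events,
# one per line as "<ISO timestamp> <user> <ip>"; not real log data.
SAMPLE_4771 = [
    f"2024-05-01T10:00:{s:02d} PAUL 10.11.11.11" for s in range(0, 24, 2)   # 12 events, 2 s apart
] + [
    "2024-05-01T10:05:00 ANNA 10.11.11.12",
    "2024-05-01T10:05:30 ANNA 10.11.11.12",   # 30 s gap -> separate transaction
] + [
    f"2024-05-01T10:10:{s:02d} BOB 10.11.11.13" for s in range(0, 60, 20)   # 20 s gaps
]

def parse(line):
    ts, user, ip = line.split()
    return datetime.fromisoformat(ts), user, ip

def transactions(lines, maxpause=timedelta(seconds=10)):
    """Mimic `transaction user, ip maxpause=10s`: consecutive events for the
    same (user, ip) whose gap is <= maxpause form one transaction, and each
    transaction carries an eventcount like Splunk's."""
    by_key = defaultdict(list)
    for ts, user, ip in sorted(map(parse, lines)):
        by_key[(user, ip)].append(ts)
    result = []
    for (user, ip), stamps in by_key.items():
        start, prev, count = stamps[0], stamps[0], 0
        for ts in stamps:
            if ts - prev > maxpause:          # pause too long: close the transaction
                result.append({"user": user, "ip": ip, "start": start, "eventcount": count})
                start, count = ts, 0
            count += 1
            prev = ts
        result.append({"user": user, "ip": ip, "start": start, "eventcount": count})
    return result

def brute_force_candidates(lines, threshold=10):
    """Equivalent of `| where eventcount > 10`: one row per burst that exceeds the threshold."""
    return [t for t in transactions(lines) if t["eventcount"] > threshold]

if __name__ == "__main__":
    for row in brute_force_candidates(SAMPLE_4771):
        print(row["user"], row["ip"], row["eventcount"])   # PAUL 10.11.11.11 12
```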
I am running the search in real-time and I can see the results but my alert is not working ///
- Are you seeing more than 10 events or fewer? Also,
- Can you double-check the email notification settings?
---- Is the alert email set for number of results or hosts or ...
Hi inventsekar, thanks for your reply.
My alert is configured to send mail per result. In this case, for example, I have 3 results, but I am receiving just 1 mail with 1 result, for example, PAUL 10.11.11.11.
What about the other users?