How do I watch and alert when there is a number of authentication failed events within a period of time? Can somebody help me with the code? I am new to this.
Can anybody help me with it?
Hi, thanks for your message.
Do you have a time-based Elasticsearch index that contains this information?
If yes, did you create a dashboard on top of it?
I have a date-based index. I didn’t create any dashboard. Do I have to create a dashboard or visual?
I am using ElastAlert at the moment for this scenario, but I wanted to do this with Sentinl.
Can anyone please help me?