Hello everybody, I was wondering if there is any way to add a
correlation rule expression to correlate consecutive events from the
same targetUserName. For example, "Three consecutive failed logins from
the same user".

I'm working with Sentinel 7.2.

Thanks in advance.


--
mmarchese