Hello,

Please share a co-rule to detect failed login attempts on different
event sources(Databases, MS AD, vpn, Email Server) from a single source
IP within an hour.

Thanks a lot.


--
sharfuddin
------------------------------------------------------------------------
sharfuddin's Profile: https://forums.netiq.com/member.php?userid=1016
View this thread: https://forums.netiq.com/showthread.php?t=57481