Closed TiNico22 closed 4 years ago
hello just wonder if u done some work in this to get it working in 3.2 ? nice plugin u done
is this plugin able to do a alert like this ?
(event_id:4625 AND keywords:"Audit Failure")
Threshold = 6 matches within 5min)
AND
(event_id:4624 AND keywords:"Audit Success")
Threshold = 1 match within 5min)
Alarm will be created when there will be at least 6 failed logon attempts and one successful logon within 5 min time span
Release 3.2.0 is compatible with Graylog 3.2
Add compatibility with Graylog 3.2 Replace #11 we plan to support 3.2 directly instead