Hi,
I created an alert to list attempts of brute force attacks.
Something like:
"source="WinEventLog:Security" EventCode = 4771 | transaction user, ip maxpause=10s | table user, ip, eventcount | WHERE eventcount > 10"
I am running the search in real-time and I can see the results but my alert is not working! The alert is configured in real-time and the trigger's condition is configured per-result, but I still don't receive any e-mail alert.
Best Regards,
Lopes.
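The grouping that the search in the post above describes (failures for the same user and ip chained while the pause between them is at most 10 seconds, kept when eventcount > 10), written out as an added Python example that is not part of the thread. The function and field names and the sample events are constructed for illustration, and the function only approximates Splunk's transaction command.

```python
from collections import defaultdict

MAXPAUSE = 10   # seconds, as in maxpause=10s
THRESHOLD = 10  # keep groups with eventcount > 10


def brute_force_groups(events, maxpause=MAXPAUSE, threshold=THRESHOLD):
    """Group (epoch_seconds, user, ip) failures into bursts per user/ip pair.

    A burst continues while the gap to the next event of the same pair is
    at most `maxpause`; bursts with more than `threshold` events are returned.
    """
    by_pair = defaultdict(list)
    for ts, user, ip in events:
        by_pair[(user, ip)].append(ts)

    hits = []
    for (user, ip), stamps in by_pair.items():
        stamps.sort()
        burst = [stamps[0]]
        for ts in stamps[1:] + [None]:      # None flushes the last burst
            if ts is not None and ts - burst[-1] <= maxpause:
                burst.append(ts)
                continue
            if len(burst) > threshold:
                hits.append({"user": user, "ip": ip, "eventcount": len(burst),
                             "start": burst[0], "end": burst[-1]})
            burst = [ts]
    return sorted(hits, key=lambda h: (h["start"], h["user"]))


def sample_events():
    """Constructed sample data: three user/ip pairs with different timing."""
    events = [(1000 + 2 * i, "alice", "192.0.2.10") for i in range(12)]
    events += [(1000 + 10 * i, "bob", "192.0.2.20") for i in range(11)]
    # carol: 11 failures, but a 30 s pause splits them into bursts of 6 and 5
    events += [(1000 + i, "carol", "192.0.2.30") for i in range(6)]
    events += [(1035 + i, "carol", "192.0.2.30") for i in range(5)]
    return events


if __name__ == "__main__":
    for hit in brute_force_groups(sample_events()):
        print(hit)
```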
I am running the search in real-time and I can see the results but my alert is not working ///
- Are you seeing more than 10 events or fewer? Also,
- Can you double check the email notification settings?
---- Is the alert email set for number of results or hosts or ...
Hi inventsekar, thanks for your reply.
User          IP
John.carl     10.10.10.10
richard-grey  8.8.8.8
PAUL          10.11.11.11
My alert is configured to send mail by result. In this case, for example, I have 3 results, but I am receiving just 1 mail with 1 result, for example, PAUL 10.11.11.11.
What about the other users?
Best regards,
Lopes.
Hi Lopes,
Not sure if you set your mail server settings correctly?
Settings -> server settings -> Email settings