Need to create a correlation rule to alert on continues failed logins fallowed by a successful login into portal from the same username using SQL DB logs. Whether we can achieve the same?
Add two statements using follow by operator. First staement should monitor failed attempts and the statement following it should monitor success attempt. Finally enable multithreading on username variable
Hi, Thanks for the response, I have tried a lot and I couldn’t able to find the unique attribute which will represents the successful and failed logins into portal in SQL logs. Do you have any idea, like which attributes can meet the correlation rule?
