I am trying to write a rule which is looking for failed logins for a user followed by no successful login in certain time period. If this gets true, alert me.
In this logic, I am using multithread on 'username' for the first statement. Even after making it 5k, it always says that the 'Max Thread Limit xxxxx Reached'. Post some investigation, i was able to figure out that this rule is also considering the usernames for multithreading which has successful logsins for this rule even though successful login is not a criteria here.
My question is, why enVision is doing a multithread on the usernames where a failed login didn't even happen? In this case, I am sure the thread Limit will always be reached.
Any comments or advise to correct my uderstanding (if wrong).