Would like some advise on how to create a rule in Alerts > Configure > Rules.
I am using SA 10.4. I would like to create a rule that will trigger an alert, which will send an email to a designated address, when users with administrator-level login to a particular system. So far has not been successful. Below is the scenario:
1. Whether the attempt is either successful or failed. (Figure 2) AND
2. A user attempts to login using an administrative level username (Figure 3) AND
3. Also, this alert is based on a specified logon type (Figure 4), which is :
a physical/software-based login on a keyboard
b. via network
c. via RDP
A screen capture as below of the rule that i created.
The first condition as below
The 3rd condition