Hi ,
I need urgent help in creating NetWitness rule as below:
1- MS DC users who logged in during a specific time frame (e.g. from 6:00PM-to-6:00AM).
2- MS DC users who upgraded into admin.
3- MS DC users who did brute-force attempts.
Looking forward to hearing from you asap
Haitham
Hi ,
Any help please?