I want to write a rule and create a dashboard for Active Directory user activity (log off, logon, lockout, invalid login attempts, etc.). How can I write a rule to achieve it?
With a Log Decoder in the environment, you can utilize the following Informer rules that are available from CMS through Live Manager.
Logoff Activity Top 25
Logon Failures Details
Logon Failures Top 25