AnsweredAssumed Answered

Need Help regarding a query.

Question asked by RSA Admin Employee on Sep 12, 2015
Latest reply on Sep 16, 2015 by RSA Admin



I am trying to make a query to drill down  the brute force login events. The condition for the brute force event is 20 failed logins within a period of 60 seconds. I'm trying something like this'User.Activity.Failed Logins' && duration.str = '60'

but of no results. Can somebody help me to make build such a query? Also it would be nice if you provide some references for mastering the query making.


Thanks in advance,