Find success login after 10 failures with streamstats

datamodels
iv.shamanow
You already voted!

If you have the Authentication data model configured you can use the following search to quickly find successful logins after 10 failed attempts!

| from datamodel:"Authentication"."Authentication"
| search action=failure or action=success
| reverse
| streamstats window=0 current=true reset_after="(action=\"success\")" count as failure_count by src
| where action="success" and failure_count > 10

Share This:

Tagged: datamodels Security streamstats

Leave A Comment? Click here to cancel reply.

Newest | Active

Sanjai

Active 4 days, 1 hour ago
bewafaha

Active 6 days, 10 hours ago
sadloveshayari

Active 1 week ago
hivatatt

Active 1 week, 4 days ago
yogesh shingate

Active 1 week, 5 days ago