Is there a way to create a custom alarm definition to monitor and email whenever a failed login attempt is detected? I have scoured through the new alarm trigger settings but can't seem to find anything for this. I have found the "No access for user" and "Invalid user name" event triggers, but that still doesn't detect failed login attempts (e.g. Cannot login DOMAIN\user@192.168.1.25 error 3/5/2015 11:59:38 AM DOMAIN\user). I've also played around with the "User login" event and tried setting the Advanced Conditions but I can't seem to produce anything. Has anyone done this before in the past and if so how did you do it? Any guidance with this is greatly appreciated.
↧