Hi,
Please tell me how to implement this required alert.
For example, in Discover there is an index pattern wazuh-alerts* in which we filter data by the following fields: "data.win.system.severityValue:AUDIT_FAILURE" and "data.win.eventdata.targetUserName:?????". It is necessary that an alert is sent by e-mail if the same value/name occurs in the field "data.win.eventdata.targetUserName" more than, for example, 100 times.
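An added example, not part of the original post: the condition described above ("more than 100 AUDIT_FAILURE events for one targetUserName") expressed as an Elasticsearch terms aggregation over wazuh-alerts*, plus the same condition evaluated locally over a constructed sample of alert documents so the logic can be checked offline. The index pattern, field names and threshold come from the post; the 15-minute look-back window, the `timestamp` field name and the assumption that the two fields are keyword-mapped (so `term` filters and `terms` aggregations work on them) are assumptions.

```python
"""
Added example (not from the original post): build the Elasticsearch request
that counts AUDIT_FAILURE events per targetUserName on wazuh-alerts*, and
evaluate the "more than 100 failures for one user" condition locally over a
constructed sample of documents.
"""
from collections import Counter
import json

INDEX_PATTERN = "wazuh-alerts*"                     # from the post
SEVERITY_FIELD = "data.win.system.severityValue"    # from the post
USER_FIELD = "data.win.eventdata.targetUserName"    # from the post
THRESHOLD = 100          # alert when ONE user has MORE than this many failures
WINDOW = "now-15m"       # assumed look-back window; the post gives none
TIME_FIELD = "timestamp" # assumed name of the alert time field


def build_query(threshold=THRESHOLD, window=WINDOW):
    """Return the request body for POST <INDEX_PATTERN>/_search.

    min_doc_count = threshold + 1 makes Elasticsearch return only the users
    that exceed the threshold, so the alert condition reduces to
    'the bucket list is not empty'. Assumes keyword-mapped fields.
    """
    return {
        "size": 0,
        "query": {
            "bool": {
                "filter": [
                    {"term": {SEVERITY_FIELD: "AUDIT_FAILURE"}},
                    {"range": {TIME_FIELD: {"gte": window}}},
                ]
            }
        },
        "aggs": {
            "failures_per_user": {
                "terms": {
                    "field": USER_FIELD,
                    "size": 50,
                    "min_doc_count": threshold + 1,
                }
            }
        },
    }


def get_field(doc, dotted):
    """Walk a nested dict by dotted path; return None if any hop is missing."""
    for part in dotted.split("."):
        if not isinstance(doc, dict) or part not in doc:
            return None
        doc = doc[part]
    return doc


def users_over_threshold(docs, threshold=THRESHOLD):
    """Same condition applied locally: {user: count} for users whose
    AUDIT_FAILURE count is strictly greater than `threshold`."""
    counts = Counter()
    for doc in docs:
        if get_field(doc, SEVERITY_FIELD) != "AUDIT_FAILURE":
            continue
        user = get_field(doc, USER_FIELD)
        if user is None:   # audit failure without a target user: ignore
            continue
        counts[user] += 1
    return {user: n for user, n in counts.items() if n > threshold}


def make_alert(user, severity="AUDIT_FAILURE"):
    """Constructed sample document in the shape of a wazuh-alerts Windows event."""
    return {"data": {"win": {"system": {"severityValue": severity},
                             "eventdata": {"targetUserName": user}}}}


# Constructed sample: 150 failures for "svc-backup" (must alert), exactly 100
# for "alice" (must NOT alert: the condition is "more than"), and 30 successes
# for "alice" that must not be counted at all.
SAMPLE_DOCS = (
    [make_alert("svc-backup") for _ in range(150)]
    + [make_alert("alice") for _ in range(100)]
    + [make_alert("alice", severity="AUDIT_SUCCESS") for _ in range(30)]
)

if __name__ == "__main__":
    print(json.dumps(build_query(), indent=2))
    print(users_over_threshold(SAMPLE_DOCS))
```

The request body from `build_query()` can be pasted into Dev Tools against wazuh-alerts* to confirm the aggregation returns the expected users before it is wired into whatever scheduled alerting/mail mechanism the stack in question provides; the local evaluator exists only to show that the threshold is "strictly more than", that successful logons are excluded, and that events without a target user are skipped.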