I have indexes in my Wazuh that start with my_ubuntu_(creation date). They contain records about unsuccessful login attempts to the server. My task is to create an alert when information starts being written to an index like this. Simply put, when someone has a failed login attempt, I want to have an alert in Wazuh. I found some information about creating rules and tried to find logs for the rule field, but unfortunately I couldn't find any. Can you please advise or provide some practical examples? Thanks.
To have a solution for my problem