Hi,
In the IDR Detection Rules is it possible to build a rule to detect something AND something else in the same rule?
As an example, can a rule be created to detection 10 failed authentication attempts followed by a successful one within a specific timeframe?
Thanks,
Trevor