hilt86

{
  "trigger": {
    "schedule": {
      "interval": "300s"
    }
  },
  "input": {
    "search": {
      "request": {
        "search_type": "query_then_fetch",

hilt86

{
  "query": {
  "terms":{"system.auth.ssh.event":["Failed","Invalid"],"boost":1}
  }
}

hilt86

Keybase proof

I hereby claim:

• I am hilt86 on github.
• I am hdemeillon (https://keybase.io/hdemeillon) on keybase.
• I have a public key ASCOOzKiDQT688lmmiH4CzgzwapzAO6b7Iyq1VdlDnzXlwo

To claim this, I am signing this object: