I would like to receive alarms for failed Active Directory logins. I currently have both our DC's added to OSSIM and am getting logs via NXLOG. I have created a directive as per blow screen shot but no alarms are generated.
Has anyone else set up something similar for failed AD logins ? or can anyone see something that I might have missed ?