HI Everyone
We have password management system(PMS) store all admin password, the user normally needs to retrieve the password from PMS then RDP to the server. I want to detect the user who logs in the server without retrieving the password from PMS.
I find this condition in rule wizard "
and when
these rules match at least
this many times in
this many minutes after any of
these rules match" and I want to make sure the windows logon event username is same as the password retrieve event, any suggestion on how to compare these two fields in two event? is the "this property equal this property" condition works from my situation?
Or is there any other suggestion on how to implement this?
Thank you for your help
------------------------------
Linsong Guo
------------------------------