For example one of the default rules are "Multiple failed logons" with matching parameters of a number threshold and time period. I'd like to add an additional parameter of a specific user account or group of accounts.
I can't figure out how to add this to the XML of the rule so that it will match all criteria. If anyone has the XML syntax for this type of rule that would be helpful.
Thanks.