Good day: Given the following rule
<rule id="180000" level="11">
<if_sid>18107</if_sid>
<match>Logon Type: 10</match>
<description>Windows RDP Login.</description>
<group>authentication_success,</group>
</rule>
What could we add so that if the "User Name" is not a specific value
AND the "Source Network Address" is not a specific value, that an
email is triggered to a specific email address?
Thank you.
