Multiple failed attempts of NetBackup login

NetBackupAlerts_CL
| where operation_s contains "LOGIN" and Message contains "authentication failed" 
| extend userName =  split(userName_s, "@")[0]
| extend host = split(userName_s, "@")[1] 
| summarize Total=count() by tostring(host)
| where Total >= 5

id: d39f0c47-2e85-49b9-a686-388c2eb7062c
suppressionEnabled: false
eventGroupingSettings:
  aggregationKind: SingleAlert
triggerOperator: gt
OriginalUri: https://github.com/Azure/Azure-Sentinel/blob/master/Solutions/Veritas NetBackup/Analytic Rules/NetBackup_many_login_fail.yaml
entityMappings:
- fieldMappings:
  - identifier: HostName
    columnName: host
  entityType: Host
requiredDataConnectors: []
queryFrequency: 15m
suppressionDuration: PT5H
queryPeriod: 15m
status: Available
incidentConfiguration:
  groupingConfiguration:
    enabled: false
    reopenClosedIncident: false
    matchingMethod: AllEntities
    lookbackDuration: 5h
  createIncident: true
query: |-
  NetBackupAlerts_CL
  | where operation_s contains "LOGIN" and Message contains "authentication failed" 
  | extend userName =  split(userName_s, "@")[0]
  | extend host = split(userName_s, "@")[1] 
  | summarize Total=count() by tostring(host)
  | where Total >= 5  
name: Multiple failed attempts of NetBackup login
kind: Scheduled
tactics:
- CredentialAccess
- Discovery
severity: Medium
relevantTechniques:
- T1110
- T1212
triggerThreshold: 0
version: 1.0.0
description: This rule generates an incident when there are more than 5 failed login attemts for a given host in the last 15 minutes.