SSIM: using wildcards in rule critera / lookup tables
I am trying to create a rule in SSIM 4.7.4 to trigger incidents for abnormalies such as account guessing attempts.
In my network, everyone's account is of a strict format for eg. "x0000x" where x = char, 0 = numeric digit. I know that databases such as MSSQL allows using such wildcards such as "%" and "YY".
Is SSIM capable of doing this also? It will be good as we can safely ignore login failure attempts with the same username format, but zoom in and target login failures with non-standard usernames.