I am creating data for cybersecurity, specifically brute-forcing.
Certain event codes within Windows would be used to define a brute force login attempt. As an example, if there are 5 iterations of bad passwords (EventCode 4625), this would be considered brute force. (The logic for whether 5 or more password failures occurred is handled within Splunk.)
I have created a custom list of various login-based Event Codes that Mockaroo can choose from.
The goal is for the next row of data to be influenced by the previous row.
Example:
In each row, a random number is generated between 0-1 and if it is 1 and the previous row had an EventCode of 4625, then the current row will also be 4625, else Mockaroo chooses from the custom list of EventCodes.
The only solution I could think of was to create more 4625 items within the custom list. In doing so, this increases the odds of a 4625 event being chosen at random. However, I would prefer to not do this as shown below: