**Phase 1: Completed pre-decoding.
       full event: 'Jan 28 20:36:33 enigma sudo: dcid : 3 incorrect password attempts ; TTY=ttyp0 ; PWD=/home/dcid ; USER=root ; COMMAND=/bin/ls'
       hostname: 'enigma'
       program_name: 'sudo'
       log: 'dcid : 3 incorrect password attempts ; TTY=ttyp0 ; PWD=/home/dcid ; USER=root ; COMMAND=/bin/ls'

**Phase 2: Completed decoding.
       decoder: 'sudo'

**Phase 3: Completed filtering (rules).
       Rule id: '5404'
       Level: '10'
       Description: 'Three failed attempts to run sudo'
**Alert to be generated.


