Is there any way to fire an alert when a condition is true for 2 days (or any amount of time)?
The idea is to create an alert that is activated when an entity matches a status for a certain number of days.
Answers
Hi! Thanks for your question. I think we arrived on this as the alert:
FIND cbdefense_sensor WITH status='BYPASS' AS CBS
THAT HAS AS R
jupiterone_rule_alert WITH name = "given alert" AS JRA
WHERE R._createdOn < date.now - 48 hours
RETURN CBS.displayName, JRA.name, R.*
Kind of specific to your scenario but should be replicable with some name changes.