Create an alert based on triggered alerts
All of the alerts triggered in your domain are saved in a single table called siem.logtrust.alert.info. This table therefore contains a complete history of every time an alert was triggered. By querying the data in this table, you can create an alert based on other alerts. For example, you may want to be notified when a set of related alerts all occur within a short period of time, or when a single alert triggers more than n times in a single hour.
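The two conditions described above, worked through in Python over constructed rows. This is an added example, not Devo code or query syntax. The row layout (timestamp, alert name), the alert names and the 10-minute window are assumptions; in practice the rows would come from a query on siem.logtrust.alert.info.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample rows standing in for alert history records.
# Assumed layout: (trigger time, alert name); the alert names are hypothetical.
ROWS = [
    ("2024-05-01T10:00:00", "failed_login_burst"),
    ("2024-05-01T10:05:00", "failed_login_burst"),
    ("2024-05-01T10:20:00", "failed_login_burst"),
    ("2024-05-01T10:40:00", "failed_login_burst"),
    ("2024-05-01T10:42:00", "new_admin_account"),
    ("2024-05-01T10:45:00", "outbound_data_spike"),
    ("2024-05-01T12:30:00", "new_admin_account"),
    ("2024-05-01T14:00:00", "outbound_data_spike"),
]
RELATED = {"failed_login_burst", "new_admin_account", "outbound_data_spike"}

def parse(rows):
    """Convert timestamps and sort chronologically."""
    return sorted((datetime.fromisoformat(t), name) for t, name in rows)

def repeated_alerts(rows, n, window=timedelta(hours=1)):
    """Map each alert to the first time it triggered more than n times in window."""
    recent = defaultdict(deque)   # per-alert trigger times still inside the window
    hits = {}
    for ts, name in parse(rows):
        q = recent[name]
        q.append(ts)
        while ts - q[0] >= window:   # drop triggers that fell out of the window
            q.popleft()
        if len(q) > n and name not in hits:
            hits[name] = ts
    return hits

def correlated_alerts(rows, related, window=timedelta(minutes=10)):
    """Return the times at which every alert in `related` fired within window."""
    last_seen, matches = {}, []
    for ts, name in parse(rows):
        if name not in related:
            continue
        last_seen[name] = ts
        if len(last_seen) == len(related) and all(
                ts - t <= window for t in last_seen.values()):
            matches.append(ts)
            last_seen.clear()        # require a fresh set before firing again
    return matches

if __name__ == "__main__":
    print("repeated:", repeated_alerts(ROWS, n=3))
    print("correlated:", correlated_alerts(ROWS, RELATED))
```

Clearing the state after a match keeps the derived alert from firing again on every later trigger of the same set, which matters because the derived alert itself is written back to the same history.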