Create an alert based on triggered alerts
All of the alerts triggered in your domain are saved in a single table called siem.logtrust.alert.info. By querying the data in this table you can access the complete history of alerts and therefore create an alert based on other alerts.
You just need to perform the necessary operations and apply the necessary filters as you would do in any other table to prepare the data. Then, you have to follow the procedure explained in the article Creating new alerts and select the triggering method that better suits your needs for the kind of alert you want to create.
For example, you may want to be notified when a set of related alerts all occur within a short period of time or if a single alert triggers more than n times in a single hour.
Related Articles: