Looking to alert based on the following scenario:
Event 1: Device: XYZ, Status: Clear, SHA: 12345, Time: 12:30
Event 2: Device: XYZ, Status: Blocked, SHA: 12345, Time: 12:15
Event 3: Device: ZZZ, Status: Blocked, SHA: 34567, Time: 12:10
Event 4: Device: CCC, Status: Blocked, SHA: 45678, Time: 12:00
Alert for Event 3 and 4, but not for Event 1 or 2 since the status changed from Blocked to Clear within a certain timeframe, say 30 min, and the Device and SHA match.
Any help appreciated!
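The suppression rule described in the post, written out in Python as an added example that is not part of the original post. The function names, the dictionary field names and the placeholder date are assumptions. It also separates Blocked events whose 30-minute window is still open, since a Clear could still arrive for those.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=30)  # "say 30 min" in the post

def at(hhmm, day="2024-01-01"):
    """Build a datetime from HH:MM; the date is a constructed placeholder."""
    return datetime.strptime(f"{day} {hhmm}", "%Y-%m-%d %H:%M")

# Constructed sample: the four events from the post.
EVENTS = [
    {"device": "XYZ", "status": "Clear", "sha": "12345", "time": at("12:30")},
    {"device": "XYZ", "status": "Blocked", "sha": "12345", "time": at("12:15")},
    {"device": "ZZZ", "status": "Blocked", "sha": "34567", "time": at("12:10")},
    {"device": "CCC", "status": "Blocked", "sha": "45678", "time": at("12:00")},
]

def blocked_without_clear(events, now, window=WINDOW):
    """Split uncleared Blocked events into (alerts, pending).

    alerts:  no Clear for the same device+SHA arrived within the window,
             and the window has already expired at `now`.
    pending: window still open, so a Clear could still suppress the alert.
    """
    # Index Clear times by (device, sha) so each Blocked event is one lookup.
    clears = {}
    for e in events:
        if e["status"] == "Clear":
            clears.setdefault((e["device"], e["sha"]), []).append(e["time"])

    alerts, pending = [], []
    for e in sorted(events, key=lambda ev: ev["time"]):
        if e["status"] != "Blocked":
            continue
        deadline = e["time"] + window
        seen = clears.get((e["device"], e["sha"]), [])
        if any(e["time"] <= t <= deadline for t in seen):
            continue  # Blocked -> Clear inside the window: suppress
        (alerts if now >= deadline else pending).append(e)
    return alerts, pending

if __name__ == "__main__":
    alerts, pending = blocked_without_clear(EVENTS, now=at("13:00"))
    for e in alerts:
        print("ALERT", e["device"], e["sha"], e["time"].strftime("%H:%M"))
```

A Clear that arrives after the window closes does not suppress the alert, so the schedule that runs this check has to look back at least one full window.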