I'm interested in developing an anomaly detection rule in Chronicle. This rule should monitor for a particular event across multiple users over a set period. If any user, who hasn't triggered this event within that period, does so afterward, we want to be alerted. Does Chronicle support this type of time-based, user-specific event monitoring and alerting?"
I've tried utilizing the match section, but it doesn't seem to do whats needed.
"Anomaly" Based Detection
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.