I'm interested in developing an anomaly detection rule in Chronicle. This rule should monitor for a particular event across multiple users over a set period. If any user who hasn't triggered this event within that period does so afterward, we want to be alerted. Does Chronicle support this type of time-based, user-specific event monitoring and alerting?
I've tried utilizing the match section, but it doesn't seem to do what's needed.
"Anomaly" Based Detection