Can we use if else then in outcome section in Native dashboard like working the hours. Iām getting on this.
if (timestamp.get_hour($timestamp, "UTC") >= 1 and timestamp.get_hour($timestamp, "UTC") < 17, 50)
If else then
+14- Bronze 5
Hi @Omskirt,
Does the below search provide a proof-of-concept of what you need In the below example image I've modified the '1' for the first 'timestamp.get_hour' to '5', just for demonstration purposes.
metadata.log_type = "AWS_CLOUDTRAIL"
metadata.event_timestamp.seconds = $timestamp
metadata.id = $EventID
(timestamp.get_hour($timestamp, "UTC") >= 1 and timestamp.get_hour($timestamp, "UTC") < 17)
match:
$EventID
outcome:
$EventTimestamp = array_distinct(timestamp.get_timestamp($timestamp, "%F %T", "UTC"))
$GetRiskScore = max(0 + if(timestamp.get_hour($timestamp, "UTC") >= 1 and timestamp.get_hour($timestamp, "UTC") < 17, 50, 0))
Kind Regards,
Ayman C
+7- Bronze 2
Oww, I see I need to declare the timestamp in outcome sections I always thought in could be in outcome only. I understand now. Thank you so much
Login to the community
Login with SSO
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.