Hi, I am new to OSSEC. I would like to write a rule that checks for occurrences of a rule being fired and, if it is fired at a certain rate, does something.
A scenario: I would like to write a rule that monitors all alerts, and if I find more than 5 identical alerts from the same machine, then raise the alert level and silence the corresponding rule for 1 hour. Is this possible? Thanks! -KH