Thanks to the conditional block, we can create proper alerts. Two simple examples:
Example 1: send a report after comparing values from two websites
- Capture a string/numeric value from a website
- Capture a numeric/string value from another website
- Compare the two
- Skip sending the report if the condition is met
Example 2: alert if a numeric reading is above/below a threshold
This is useful for brute-force attack detection, or for any other alert on a high log event count over a period of time.
- Capture the "count" of the Kibana Discover query results for the last hour
- Check whether this value is > 1 million
- Send the report (notify the system admin)
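The decision logic behind both examples, written out as a stand-alone Python script. This is an added example, not code from the original page or from the reporting tool it describes; it assumes captured values arrive as strings (so "1,250" and 1250 must compare numerically), that the Kibana "count" is the `count` field of an Elasticsearch `_count` response, and ECS-style field names (`event.category`, `event.outcome`) for the failed-login query. The `_count` response below is constructed sample data.

```python
"""Threshold and cross-source alert logic (added example, not the tool's own code).

Assumptions: captured values are strings, the Kibana count comes from an
Elasticsearch _count response, and ECS field names are used in the query.
"""
import json
import operator
import re

_OPS = {
    ">": operator.gt, ">=": operator.ge, "<": operator.lt,
    "<=": operator.le, "==": operator.eq, "!=": operator.ne,
}


def coerce(value):
    """Turn a captured string into a number when it looks like one.

    Strips thousands separators and whitespace so a value scraped as
    "1,250,000" compares numerically with 1000000 instead of lexically.
    Anything else is returned as a plain string.
    """
    if isinstance(value, (int, float)):
        return value
    cleaned = str(value).strip().replace(",", "")
    if re.fullmatch(r"[+-]?\d+", cleaned):
        return int(cleaned)
    if re.fullmatch(r"[+-]?(\d+\.\d*|\.\d+|\d+)([eE][+-]?\d+)?", cleaned):
        return float(cleaned)
    return str(value).strip()


def condition_met(left, op, right):
    """Evaluate `left <op> right` after coercion; mixed string/number
    operands fall back to a string comparison instead of raising."""
    a, b = coerce(left), coerce(right)
    if isinstance(a, str) != isinstance(b, str):
        a, b = str(a), str(b)
    return _OPS[op](a, b)


def should_send(left, op, right, skip_if_met=False):
    """Example 1 uses skip_if_met=True (suppress the report when the two
    sites agree); Example 2 uses the default (send when the threshold is
    exceeded)."""
    met = condition_met(left, op, right)
    return not met if skip_if_met else met


def failed_login_count_query(window="1h"):
    """Elasticsearch _count body for failed authentication events in the
    last `window`; this is what the Kibana Discover query resolves to.
    Field names follow ECS (assumption, adjust to your index mapping)."""
    return {
        "query": {
            "bool": {
                "filter": [
                    {"term": {"event.category": "authentication"}},
                    {"term": {"event.outcome": "failure"}},
                    {"range": {"@timestamp": {"gte": f"now-{window}", "lt": "now"}}},
                ]
            }
        }
    }


def count_from_response(body):
    """Extract the hit count from an Elasticsearch _count response.

    A shard failure silently lowers the count, which would make a
    brute-force alert miss, so fail closed instead of returning a number.
    """
    data = json.loads(body) if isinstance(body, str) else body
    if data.get("_shards", {}).get("failed", 0):
        raise RuntimeError("partial result: some shards failed")
    return int(data["count"])


# Constructed sample _count response (not real data)
SAMPLE_COUNT_RESPONSE = (
    '{"count": 1375000, '
    '"_shards": {"total": 3, "successful": 3, "skipped": 0, "failed": 0}}'
)


def brute_force_alert(response=SAMPLE_COUNT_RESPONSE, threshold=1_000_000):
    """Example 2: notify when the last hour's failed-login count exceeds threshold."""
    return should_send(count_from_response(response), ">", threshold)


if __name__ == "__main__":
    # Example 1: both sites show the same price -> report is skipped
    print("send report:", should_send("1,250", "==", "1250", skip_if_met=True))
    # Example 2: 1,375,000 failures in the last hour -> alert
    print("brute-force alert:", brute_force_alert())
    print(json.dumps(failed_login_count_query(), indent=2))
```

Two practical points: keep the query window equal to the schedule interval (a "last hour" query run every 15 minutes will count the same events four times and fire repeatedly), and treat a missing or partial count as an error rather than as zero, since a silent undercount is exactly the failure mode that hides an attack.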