Thanks to the conditional block, we can create proper alerts. Two simple examples:

Example 1: send a report after comparing values from two websites

  • Capture a string or numeric value from a website
  • Capture a string or numeric value from another website
  • Compare the two
  • Skip sending the report if the condition is met


Example 2: alert if a numeric reading is above or below a threshold

This is useful for brute-force attack detection, or for any other alert on a high log event count over a period of time.

  • Capture the “count” from a Kibana Discover query result for the last hour
  • Check whether this value is greater than 1 million
  • Send the report (notify the system administrator)

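The two procedures above, as an added example that is not the page's or the reporting tool's own code: a minimal Python evaluator for the conditional-block logic, where `Condition`, `should_send_report` and the operator set are assumed names, and the captured values and the Kibana query response are constructed inline rather than fetched.

```python
from dataclasses import dataclass
from operator import eq, gt, lt, ne
from typing import Any, Callable, Dict

# Comparison operators a conditional block may use (assumed set, not the tool's).
OPERATORS: Dict[str, Callable[[Any, Any], bool]] = {">": gt, "<": lt, "==": eq, "!=": ne}

@dataclass
class Condition:
    left: str          # name of a captured value
    op: str            # one of OPERATORS
    right: Any         # literal, or the name of another captured value
    skip_if_met: bool  # True: skip the report when met (Example 1); False: send when met (Example 2)

def coerce(value: Any) -> Any:
    """Numeric-looking captures (e.g. '1,250,000') compare as numbers, everything else as strings."""
    if isinstance(value, (int, float)):
        return value
    try:
        return float(str(value).replace(",", ""))
    except ValueError:
        return str(value)

def resolve(value: Any, captures: Dict[str, Any]) -> Any:
    """A string that names a capture refers to that capture; anything else is a literal."""
    return coerce(captures[value]) if isinstance(value, str) and value in captures else coerce(value)

def should_send_report(cond: Condition, captures: Dict[str, Any]) -> bool:
    met = OPERATORS[cond.op](resolve(cond.left, captures), resolve(cond.right, captures))
    return not met if cond.skip_if_met else met

def capture_count(response: Dict[str, Any]) -> int:
    """Extract the hit count from a constructed Kibana/Elasticsearch search response.
    hits.total is a dict on recent versions and a bare int on older ones; both are handled."""
    total = response["hits"]["total"]
    return int(total["value"] if isinstance(total, dict) else total)

# Example 2: alert when the last hour's event count exceeds 1 million.
def brute_force_alert(response: Dict[str, Any], threshold: int = 1_000_000) -> bool:
    captures = {"count": capture_count(response)}
    return should_send_report(Condition("count", ">", threshold, skip_if_met=False), captures)

# Example 1: compare values captured from two websites; skip the report when they agree.
def two_site_report(site_a_value: Any, site_b_value: Any) -> bool:
    captures = {"site_a": site_a_value, "site_b": site_b_value}
    return should_send_report(Condition("site_a", "==", "site_b", skip_if_met=True), captures)

# Constructed sample response standing in for a Kibana Discover query result.
SAMPLE_RESPONSE = {"hits": {"total": {"value": 1_250_000, "relation": "eq"}}}
```

With `SAMPLE_RESPONSE`, `brute_force_alert` returns True (report sent), while `two_site_report("1.2.3", "1.2.3")` returns False because the matching values meet the skip condition.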