Sort of like "if X occurs, look and see if Y then Z occurs within a length of time. If not, no alert."
Or “If X, Y, and Z occur within a short period of each other, alert.”
I’m trying to sort out non-issue and false positive alert messages.
I know I can sort out messages through the pipelines, but they can’t do that over a length of time. Unless I’m mistaken.