on Apr 23, 2019Quite frequently when testing ESA alerts and output options / templates, I have wanted the ability to manually or repeatedly trigger alerts. In order to help with this type of testing, I created a couple ESA Alert templates to generate both scheduled alerting and manual, one-time alerts.
Each of these can take a wide variety of time- or schedule-based inputs to generate alerts according to whatever kind of frequency you might want. The descriptions in each alert have examples, requirements, and links to official Esper documentation with more detail.
I see the potential for quite a bit of usefulness with the Crontab alert, especially in 11.3 now that ESA Alert script outputs run from the admin server.
Lastly, I created these using freemarker templates (how the ESA Rules from Live are packaged) in order to ensure that the times and schedules used in the alerts adhere to proper syntax and formatting, but of course you should feel free to convert these to advanced rules if you like.
Hello Joshua,
Thanks for sharing these ESA rules with us. definitely i see usefulness of these when we are at customer place & want to test there custom Output actions/Templates within short time.
Btw, i imported these rules in my 11.3 lab & copied them to view the Syntax. but got this 'Syntax error in module. null'.
Also, does these rules fire on any collected log/packet meta?. As i cannot see the complete syntax.