@RSAAlert in Advanced EPL
@RSAAlert is an annotation that's required to generate alert notifications.
oneInSecords is a legacy annotation and only applies to SA 10.3. It used to be Security Analytics’ notification suppression.
Please find more information on @RSAAlert from https://community.rsa.com/docs/DOC-80047.
Thank you very much James! I have read the article before, but it doesn't mention about the oneInSeconds parameters. I wonder if there is any way to suppress an alert output beyond the 100 minutes of the notification box restriction.
Maxi, have you tried the "output first every X hours" on the advanced EPL Rule? You can combine it with the identifiers attribute on the @RSAAlert.