I am curious if it's possible to use LEM to create state-based events out of logs which generally are not state-based.
As an example...
I want a log that comes in to trigger an alert. I want that alert to continue to send out alert emails every 30 minutes until the alert is re-armed. I want a different defined log to re-arm the alert.
In my specific case these are Fortinet VIP out-of-pool events. I need to trip an alert when a log comes through indicating an IP has dropped out of the pool and re-arm the alert when the log comes through indicating the IP has been re-added.
Is this currently possible in LEM?
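The latch-and-remind behaviour described in the question, as an added example that is not part of the original post and is not LEM rule syntax. The log layout, the two message markers and the sample lines are constructed assumptions, not real Fortinet output.

```python
from datetime import datetime, timedelta

REPEAT = timedelta(minutes=30)   # reminder interval asked for in the post
TRIP = "removed from pool"       # assumed marker, not real Fortinet text
REARM = "added to pool"          # assumed marker, not real Fortinet text

# Constructed sample lines: "<ISO timestamp> <member IP> <message>"
SAMPLE = [
    "2024-01-01T10:00:00 10.0.0.5 VIP member removed from pool",
    "2024-01-01T10:05:00 10.0.0.5 VIP member removed from pool",  # duplicate
    "2024-01-01T10:10:00 10.0.0.6 VIP member removed from pool",
    "2024-01-01T10:20:00 10.0.0.6 VIP member added to pool",
    "2024-01-01T11:10:00 10.0.0.5 VIP member added to pool",
]

def parse(line):
    ts, ip, msg = line.split(" ", 2)
    return datetime.fromisoformat(ts), ip, msg

def alerts(lines, end):
    """Replay logs up to `end`; return sorted (time, ip, kind) notifications."""
    tripped = {}   # ip -> time the next reminder is due
    out = []

    def flush(until):
        # Emit every reminder that fell due while an IP stayed out of the pool.
        for ip in sorted(tripped):
            while tripped[ip] <= until:
                out.append((tripped[ip], ip, "REMINDER"))
                tripped[ip] += REPEAT

    for ts, ip, msg in sorted(map(parse, lines)):
        flush(ts)
        if TRIP in msg and ip not in tripped:
            # First drop-out latches the alert; repeats are suppressed.
            out.append((ts, ip, "ALERT"))
            tripped[ip] = ts + REPEAT
        elif REARM in msg and ip in tripped:
            # The re-add log re-arms the alert and stops the reminders.
            del tripped[ip]
            out.append((ts, ip, "CLEARED"))
    flush(end)     # IPs still out of the pool keep reminding until `end`
    return sorted(out)

if __name__ == "__main__":
    for when, ip, kind in alerts(SAMPLE, datetime(2024, 1, 1, 12, 0)):
        print(when.isoformat(), ip, kind)
```

State is kept per IP, so one member returning to the pool does not silence reminders for another that is still out.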