The Acoustic Ideas portal has moved! Please sign up for our new Ideas portal and submit your suggestions at https://ideas.goacoustic.com.
Tealeaf events support event count and event value. For numeric events this event value can then be used in reports to show the hourly event value sum and hourly event value average. However, event alerts only support event counts, not event values. This limits the use of these events. We would like the event alerts configuration to support event value sum and event value average.
How will this idea be used?
We calculate the suspicious score for a session based on various suspicious indicators. We get this score by determining, at the end of a session, which suspicion indicators were present, and then sum up all the suspicious indicators score components to determine a total score for the session. We want to use this score not just for reporting but also for alerting. For example: if the average suspicion score for "Application X" rises above 5 points then send a pro-active alert to the cyber team. Without this enhancement we can only alert on event count, ex. count the number of sessions with "score > 5". Note that this particular case is also dependent on TLONPREM-I-194, to enable support for alerting on end-of-session events. However, in general this enhancement request is not limited just to end-of-session events.
|What is your industry?||Banking|
|What is the idea priority?||High|
|Link to original RFE|