ExtraHop email alert for a single client IP

How do we capture an ExtraHop email alert for a single client IP? (We have to ignore some alerts which are hit by our Security team.)

Hi, @chandu . Can you clarify the specific activity for the client IP that you’re interested in alerting on?

Hi Shaundavid,

Thanks.
In the ExtraHop alert, we need to find out whether errors for a specific application are from a single client or multiple clients, without manually checking.

Is this something possible in an alert or trigger?

-Naga

Hi Guys,

Can someone help here ASAP, as it is needed for monitoring for a prod incident?

-Naha

I can’t think of a good way of accomplishing this without a fairly complicated trigger which uses the session table to record clients that have been seen before.

If you didn’t need the alert, then you could use the distinct metric type, which estimates the number of unique items. For example, you could create a trigger on the HTTP_RESPONSE event and call metricAddDistinct() for errors. Unfortunately, alerts are not yet supported for the distinct metric type.
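The session-table idea from the reply above, sketched as an added example that is not part of the original thread and is not ExtraHop trigger code: plain JavaScript in which a Map stands in for the session table. The record fields, the 5xx error threshold, the five-minute window and the ignored scanner address are all assumptions.

```javascript
// Added illustration: plain JavaScript, not the ExtraHop trigger API.
// A Map stands in for the session table; all names and values are assumptions.
function createErrorTracker({ windowMs, ignoredClients, minStatus = 500 }) {
  const seen = new Map(); // application -> Map(client IP -> time of last error)

  return function record(evt) {
    // Skip non-errors and clients we never want to alert on.
    if (evt.status < minStatus || ignoredClients.has(evt.client)) return null;

    let clients = seen.get(evt.app);
    if (!clients) {
      clients = new Map();
      seen.set(evt.app, clients);
    }
    // Expire clients whose last error is older than the window.
    for (const [ip, ts] of clients) {
      if (evt.ts - ts > windowMs) clients.delete(ip);
    }
    clients.set(evt.client, evt.ts);

    return {
      app: evt.app,
      distinctClients: clients.size,
      scope: clients.size === 1 ? 'single-client' : 'multiple-clients',
    };
  };
}

// Constructed sample responses (timestamps in milliseconds).
const SAMPLE_EVENTS = [
  { ts: 0,      app: 'orders', client: '10.0.0.5',  status: 500 },
  { ts: 1000,   app: 'orders', client: '10.0.0.99', status: 500 }, // ignored scanner
  { ts: 2000,   app: 'orders', client: '10.0.0.5',  status: 200 }, // not an error
  { ts: 3000,   app: 'orders', client: '10.0.0.5',  status: 503 },
  { ts: 4000,   app: 'orders', client: '10.0.0.7',  status: 500 },
  { ts: 400000, app: 'orders', client: '10.0.0.7',  status: 500 }, // earlier entries expired
];

function classifySample() {
  const record = createErrorTracker({
    windowMs: 5 * 60 * 1000,
    ignoredClients: new Set(['10.0.0.99']),
  });
  return SAMPLE_EVENTS.map((evt) => record(evt));
}

console.log(classifySample());
```

An alert would fire only on non-null results, with `scope` telling the responder whether one client or several are producing the errors.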

OK Webslinger, thanks for the confirmation.