Is there a way to apply multiple thresholds in a single rule?
Example:
More than 10 identical event.actions on more than 10 destination.hostnames in a span of 10 minutes
Threshold 1: Results aggregated by event.action >=10
AND
Threshold 2: Results aggregated by destination.hostname >=10
AND
Threshold 3: Results aggregated by @timestamp <= 10 minutes
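
The combined condition from the question, evaluated in Python over constructed events, as an added example that is not part of the original post and is not any product's rule syntax. It assumes the three thresholds apply per event.action value inside a sliding 10-minute window, with the destination.hostname threshold read as a distinct count; `find_matches` and `sample_events` are hypothetical names.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=10)   # Threshold 3: span of @timestamp
MIN_EVENTS = 10                  # Threshold 1: events per event.action (>= 10)
MIN_HOSTS = 10                   # Threshold 2: distinct destination.hostname (>= 10)


def find_matches(events, window=WINDOW, min_events=MIN_EVENTS, min_hosts=MIN_HOSTS):
    """Return {event.action: first @timestamp at which all three thresholds held}."""
    recent = defaultdict(deque)  # action -> (timestamp, hostname) pairs still in the window
    hits = {}
    for ev in sorted(events, key=lambda e: e["@timestamp"]):
        ts, action = ev["@timestamp"], ev["event.action"]
        queue = recent[action]
        queue.append((ts, ev["destination.hostname"]))
        # Drop events of this action that are older than the window.
        while ts - queue[0][0] > window:
            queue.popleft()
        if action in hits:
            continue  # report each action once, at its first match
        distinct_hosts = {host for _, host in queue}
        # All conditions are ANDed: enough events AND enough distinct hosts,
        # both measured over the same window.
        if len(queue) >= min_events and len(distinct_hosts) >= min_hosts:
            hits[action] = ts
    return hits


def sample_events():
    """Constructed sample data: three actions, only one satisfies every threshold."""
    t0 = datetime(2024, 1, 1, 9, 0, 0)

    def ev(offset_s, action, host):
        return {"@timestamp": t0 + timedelta(seconds=offset_s),
                "event.action": action, "destination.hostname": host}

    events = [ev(30 * i, "logon-failed", f"host-{i:02d}") for i in range(12)]     # matches
    events += [ev(40 * i, "file-delete", f"srv-{i % 3}") for i in range(15)]      # only 3 hosts
    events += [ev(300 * i, "service-start", f"node-{i:02d}") for i in range(10)]  # spread over 45 min
    return events


if __name__ == "__main__":
    for action, when in find_matches(sample_events()).items():
        print(f"{action}: all thresholds met at {when.isoformat()}")
```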