Using Relative Time in the rule to create alerts

Hi,

I wanted to understand a way where

  1. We can use relative timestamps inside a rule to generate alerts in respect to the time we have received a certain kind of log.
  2. Not generate an alert for the logs whose vulnerability has already been fixed (we have received "fixed" logs in the SIEM).

For example - We have a vulnerability scanner which sends logs for every vulnerability found and a log for every vulnerability fixed. I want to make sure that I generate an alert after every 14 days that vulnerability (log was created in the SIEM) is still not fixed. There needs to be a query which removes the vulnerability log which has already been fixed and generate alerts for the rest of them.

Thank you!