Hello Team New to YARA L and i am trying to understand how to get a rule
to alert if there is a "new" event NOT followed by a "resolved" event in
a 5 min window. This is what I have currently : rule testAlert
{events:$new.metadata.event_status = "new...
