Custom Rate Limit Alerts

Customer hingehealth-wdepksct has requested the following:


Given a load balancer with a rate limit policy that cuts off clients, I need Slack notifications when aggregates of this particular kind of security event are detected. It looks like Slack requires an Alert; the most fine-grained filter I can Alert on is a ServicePolicyTooManyAttacks alert, which doesn't contain enough detail to determine that this came from the rate limiter policy. Is there a way to define a custom Alert that represents an aggregate of some security event filter? I'd suggest you could generalize this sort of 'custom alert' by aggregating on any events (such as security events) defined by a filter, similar to how we can define filters on the events view. This would allow for highly selective alerts that could be configured to aggregate on specific values from the event records selected by the filter. Would be a powerful feature.

  • Guest
  • Jun 3 2023