any ideas?
for IMDB in RE
select alert.name, alert.source, alert.signature_id
where alert.name exists && alert.source exists && alert.signature_id exists && alert.source='Event Stream Analysis' && alert.signature_id!='592d254bf280453f1bb37b3a'
times out and crashes RE.
alert.name exists && alert.source exists && alert.signature_id exists && alert.source='Event Stream Analysis' && alert.name contains 'Tier 1'
returns alert with tier 5
alert.name exists && alert.source exists && alert.signature_id exists && alert.source='Event Stream Analysis' && alert.name regex '%Tier 1%'
returns alert with tier 5
