For example, Rule Test with the following query: device.type =
"winevent_nic" && alert.id = "access:privilege-escalation-success" &&
ip.addr = "13.101.134.216" returns 12 values. However, Rule Test with
the following query (same exact time range): de...