I know about time of day sets; this does not help. Basically I need a scheduled task to run on LEM daily.
Our issue is email alert overload. We want an alert if a machine tried to go to a bad address that we have a sinkhole set up for. Only, if we set up the rule, one PC could trigger from 1 to thousands of events, which would translate to thousands of emails.
A workaround would be to have an action to put the source PC into a user-defined group, and exclude that group from the alerts. This would allow for one email to go out.
However, I need another rule to remove the PC from the group to reset the trigger. And there are no clear events for this, thus I want a rule to clear the group on a daily basis.
Unless there is a way to write the rule to only trigger once within a set period.