You can't really do these things directly in a filter as filters don't give you the correlation time options that you have when creating rules. What you could do is create rules that match these items and have the rules infer an event. Then create filters to look for these inferred events.
↧