Where addresses within alerts can be reasonably correlated to belonging to the same subnet, for example the same /24, add support to alerting output to potentially generate a secondary alert indicating a probable bad subnet.
This would essentially be something like a reduction operation to output a subnet given an set of input elements.
Where addresses within alerts can be reasonably correlated to belonging to the same subnet, for example the same /24, add support to alerting output to potentially generate a secondary alert indicating a probable bad subnet.
This would essentially be something like a reduction operation to output a subnet given an set of input elements.