Re: Ways to mark/categorize alerts in threat analyzer as new alerts or persistent
This is to know if the detection has come from the newly updated signature set.
Or i.e. a traffic that wasn't blocked before is suddenly being blocked, we could check the RTTA and see if what's been triggered is new or not. Could belong to an old sigset but was just detected for the first time or a newly added signature.