Explanation required for a rule in plain English
Can someone please explain to me what this rule (in screenshot) will detect?
Purpose: To detect a shutdown event from Symantec in case a startup event is not detected within 2 minutes. Aggregation is set as 1 match within 2 minutes. I just need to understand the 1 event in the aggregation tab which it will look for within 2 minutes, and if it's 2 events within 5 minutes, when the conditions will be met and it will trigger?