Description
Is your feature request related to a problem? Please describe.
Documentation for volume_anomalies lists hour as an option for configuring detection_period. However, configuring detection_period using hour results in a compilation error: Missing mandatory configuration: ['backfill_days']
Describe the solution you'd like
Elementary tests like the volume_anomalies test allow configuring time_bucket by the hour. I would like to be able to configure the detection_period using the hour option so that I can arrange for test runs such that anomaly alerts are emitted based on test failures of comparing the row count of the most recent hourly time bucket of detection_period against the row count of time buckets for the last training_period days.
Describe alternatives you've considered
Introduce a new CLI option --hours-back for edr monitor to optionally set a number-of-hours limit to how far back edr monitor should look for pending alerts. If provided, it overrides --days-back.
I have a POC implementation that seems to work. PR to add optional --hours-back for edr monitor here.
Additional context
None.
Would you be willing to contribute this feature?
I am open to contributing to this feature and would appreciate any guidance you can provide.