I have a scenario where I want all the 9 alerts from 9 detection rules to be grouped together in a single case. I am currently able to achieve grouping like 5 alerts in one case and 4 alerts in another case. But for some reason I am not able to group all the alerts together although I have the alert grouping logic set to:
Catagory: Alert Type
Alert Type: All the 9 alerts
Group by: Entities and all entites selected
Note that all the alerts are generated within 5mins of time interval and hence within the grouping logic
I understand that all the entities for all the alerts generated are not same, but I do want to group all the alerts from the specific detection rules to be grouped together. How can I achieve that? I am also fine if it can group all the alerts from a particular namespace together. How do I achieve that?
