The Alerts Grouping Settings page lets you create grouping rules controlling the exact type of alerts which are grouped together into cases. Alert Type: For example, a phishing alert.
However, when reviewing the provided dropdown list, it only shows unique alert names, not types.
Is it possible to configure a type for each alert?
We handle multiple clients across different SIEMs, each with its own alert naming conventions. If the dropdown is based on alert names, why is it labeled "alert type"? Is there a way to configure a type for each rule generator?
QRadar SIEM Example
In QRadar, each alert or rule generates a unique offense ID along with the alert name. This makes it impractical to configure grouping based on types, as the current mechanism is driven by specific identifiers.
Feature Request: Tag-based Grouping
Would it be possible to introduce a new criteria option in the mechanism settings based on tags? This enhancement could improve flexibility and allow better alignment across varied systems and client environments.