I have a scenario where I want all the 9 alerts from 9 detection rules to be grouped together in a single case. I am currently able to achieve grouping like 5 alerts in one case and 4 alerts in another case. But for some reason I am not able to group all the alerts together, although I have the alert grouping logic set to:

Category: Alert Type

Alert Type: All the 9 alerts

Group by: Entities, with all entities selected

Note that all the alerts are generated within a 5 min time interval and hence within the grouping window.

I understand that the entities for all the generated alerts are not the same, but I do want all the alerts from the specific detection rules to be grouped together. How can I achieve that? I am also fine if it can group all the alerts from a particular namespace together. How do I achieve this use case?

@Amitabha Das,

OOTB the Google SecOps connector only supports working with entity grouping, but within the Alert object we have a parameter called “SourceGroupingIdentifier” (Settings → SOAR Settings → Advanced → Alerts Grouping then press on the + button).

It’s possible to force the platform to use this parameter for grouping instead of entities, but currently the connector doesn’t allow you to change the value that is set for it. So, it will require custom changes to the connector.
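To illustrate the difference the answer describes, here is a small simulation (added here, not the thread's or the connector's own code) of the two grouping modes on constructed sample data: nine alerts from nine rules within five minutes, whose entities only overlap inside two clusters. Entity grouping yields the 5 + 4 split from the question; grouping on a per-alert identifier (standing in for SourceGroupingIdentifier, derived here from an assumed `namespace` field) puts all nine in one case.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: 9 alerts from 9 rules, all inside a 5 min window.
# Rules 1-5 share entities (host-a, user-1); rules 6-9 share (host-b, user-2).
# Nothing links the two clusters, which is why entity grouping gives 5 + 4.
T0 = datetime(2024, 1, 1, 12, 0, 0)
ALERTS = [
    {"rule": f"rule_{i}", "namespace": "prod-cluster",  # namespace is assumed
     "time": T0 + timedelta(seconds=30 * i),
     "entities": {"host-a", "user-1"} if i <= 5 else {"host-b", "user-2"}}
    for i in range(1, 10)
]

def group_by_entities(alerts, window=timedelta(minutes=5)):
    """Entity grouping: two alerts share a case when they share at least one
    entity and fall inside the window. Union-find keeps merges transitive."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    for i, a in enumerate(alerts):
        for j in range(i):
            b = alerts[j]
            if abs(a["time"] - b["time"]) <= window and a["entities"] & b["entities"]:
                parent[find(i)] = find(j)
    cases = defaultdict(list)
    for i, a in enumerate(alerts):
        cases[find(i)].append(a["rule"])
    return sorted(cases.values(), key=len, reverse=True)

def group_by_source_identifier(alerts, identifier, window=timedelta(minutes=5)):
    """Identifier grouping: the connector stamps one grouping identifier per
    alert (computed here by `identifier`); alerts with the same value inside
    the window land in one case, regardless of entity overlap."""
    cases = []
    for a in sorted(alerts, key=lambda x: x["time"]):
        key = identifier(a)
        for c in cases:
            if c["key"] == key and a["time"] - c["last"] <= window:
                c["rules"].append(a["rule"])
                c["last"] = a["time"]
                break
        else:
            cases.append({"key": key, "last": a["time"], "rules": [a["rule"]]})
    return [c["rules"] for c in cases]
```

Grouping by `a["rule"]` instead of the namespace shows the other extreme: nine single-alert cases, so the identifier the connector emits decides the case boundaries.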