[Elastic Security/SIEM] - Detect if a source IP contacts more destination IPs or more destination ports

Hi all,

I'm new to Elastic and I need to make a detection rule that detects if more than 200 unique destination IPs were accessed from same source IP
and if more that 400 unique destination ports are accessed from same source IP.
Is it possible in Kibana with a single rule? From Threshold rule documentation: "Nested fields are not supported for use with Group by."

A workaround was creating two different threshold rules:

1st rule:
Custom Query:
source.ip: x.x.x.x/y and event.category : "network"

Group by:
source.ip destination.ip >= 200

2nd rule:
Custom Query:
source.ip: x.x.x.x/y and event.category : "network"
Group by:
source.ip destination.port >= 400

Is there any other workaround?
If not, we need to work with 2 rules.

Thanks in advance.