So i have many alerts with the same cause (some maware send messages to C2) with the same source IP address. Can i aggregate such alerts in one (aggregation by source IP address)?
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.