More than 100 duplicate alarms are generated in 1 minute. What can be done to suppress duplicate alarms and display only one of the duplicate alarms?
Hello!
Is this rule a custom query rule?
If it is so, this documentation page describes how duplicated alerts can be addressed for this type of rule: Suppress detection alerts | Elastic Security Solution [8.6] | Elastic