    Help with Automatic response aggregation and grouping


      I have an issue where we get 10000 alerts from one system, and I am a little confused about how to set up aggregation. I've tried a few scenarios with no success.

      Will this automatic response aggregation group all threat events from a single system into one alert per system within 30 min?

      The reason why I ask is that I don't want the same threat alert multiple times from the same machine.