have you saved and rolled out? Maybe check first in events to make sure the signature IDs do trigger five times in 30 mins?
Well i've tried that as it's a common problem . I've tested further and the correlation doesn't work only for short signatures like:
However it works normally with the normal full length signature like:
I did additional test and it seems that the alarms will be triggered based on both type of signatures but the correlation would not