Intelligent Alert Deduplication to Minimize Alert Fatigue #1167

@osmontero

Description

Describe the feature

UTMStack should intelligently deduplicate alerts by automatically grouping repeated instances of the same alert—triggered on the same device with identical attribute values—into a single, consolidated alert. This feature should ensure that security teams are only notified once per unique event, reducing redundant notifications and streamlining incident response. The system should provide a summary of grouped occurrences, including timestamps and counts, to maintain visibility without overwhelming users.

Use Case

As a security analyst, I am often overwhelmed by a flood of duplicate alerts triggered by the same event occurring multiple times on a single device. This makes it difficult to prioritize real threats and increases the risk of missing critical incidents due to alert fatigue. With intelligent alert deduplication, I would receive a single, consolidated notification for repeated events, allowing me to focus on meaningful alerts and respond more efficiently to genuine security issues.

Proposed Solution

No response

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change
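
One way to implement the grouping the request describes (same rule, same device, identical attribute values collapse into one consolidated alert carrying a count and the observed timestamps), as an added example that is not UTMStack's own code; the `Alert` and `ConsolidatedAlert` structures, the rule names and the sample events are all constructed for illustration:

```python
from dataclasses import dataclass, field

@dataclass
class Alert:
    rule: str          # detection rule that fired
    device: str        # host the alert was raised on
    timestamp: str     # ISO-8601 UTC; sortable as a string when the zone is consistent
    attributes: dict   # rule-specific fields, e.g. {"src_ip": ..., "user": ...}

@dataclass
class ConsolidatedAlert:
    rule: str
    device: str
    attributes: dict
    count: int = 0
    timestamps: list = field(default_factory=list)

    @property
    def first_seen(self) -> str:
        return min(self.timestamps)

    @property
    def last_seen(self) -> str:
        return max(self.timestamps)

def dedup_key(alert: Alert) -> tuple:
    # Same rule + same device + identical attribute values -> same group.
    # Sorting the items makes the key independent of dict insertion order.
    return (alert.rule, alert.device, tuple(sorted(alert.attributes.items())))

def deduplicate(alerts: list) -> list:
    """Collapse repeated alerts into one consolidated alert per unique key."""
    groups: dict = {}
    for a in alerts:
        key = dedup_key(a)
        g = groups.get(key)
        if g is None:
            g = groups[key] = ConsolidatedAlert(a.rule, a.device, dict(a.attributes))
        g.count += 1
        g.timestamps.append(a.timestamp)
    return list(groups.values())   # insertion order: first occurrence of each group

# Constructed sample: three identical brute-force alerts on web-01, one that differs
# only by source IP (must stay separate), and one on a different host.
SAMPLE = [
    Alert("ssh_bruteforce", "web-01", "2024-05-01T10:00:00Z", {"src_ip": "203.0.113.5", "user": "root"}),
    Alert("ssh_bruteforce", "web-01", "2024-05-01T10:00:05Z", {"user": "root", "src_ip": "203.0.113.5"}),
    Alert("ssh_bruteforce", "web-01", "2024-05-01T10:00:09Z", {"src_ip": "203.0.113.5", "user": "root"}),
    Alert("ssh_bruteforce", "web-01", "2024-05-01T10:01:00Z", {"src_ip": "198.51.100.7", "user": "root"}),
    Alert("ssh_bruteforce", "db-01",  "2024-05-01T10:02:00Z", {"src_ip": "203.0.113.5", "user": "root"}),
]
```

Running `deduplicate(SAMPLE)` yields three consolidated alerts instead of five notifications; the first carries `count == 3` with first/last seen timestamps, which is the summary an analyst needs to keep visibility without the noise.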

Metadata

Labels

No labels

Projects

Status

✅ Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests