Understanding Group by Entity or Hit

It's important to understand whether you should group alerts by entity or by hit:

  • Grouping by hit will generate an alert if a transaction or group of transactions triggers your model
  • Grouping by entity/instrument will generate a single alert for all transaction(s) that involve the same entity/instrument

❗️

RULES IN THE DYNAMIC MODEL ARE GROUPED BY ENTITY ONLY.

GROUP BY HIT:

If a rule is configured to group by hit, then an alert is generated each time a transaction or group of transactions triggers your model (rule).

If entityA is flagged by your model as a result of 1 fraudulent transaction, 1 alert will be created with a single flagged transaction. If entityA is subsequently flagged by your model as a result of 4 transactions, this group of 4 transactions will generate a single new alert.


GROUP BY ENTITY:

If a rule is configured to group by entity, then newly flagged transactions are merged into an existing alert about the entity/instrument if one exists; otherwise, a new alert is created.

  • A single alert is generated for all transaction(s) that involve the same entity/instrument.
  • If you do not close an old alert that is related to the entity/instrument in the flagged transaction(s), then the new hits will be added to that existing alert.

If entityA is flagged by your model during 5 transactions, only 1 alert is created and within that alert there will be 5 flagged transaction entries (in the hit tab). If entityA is flagged again by the same model, the same alert will be updated with the new transaction entry (for a total of 6 transactions in the hit tab). If the alert is "closed", a new alert is created.
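
The two modes can be compared by replaying the same sequence of rule triggers through each. The following is an added example, not the product's own code: the `Alert` and `AlertStore` classes, the `replay` function and the transaction ids are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from itertools import count

@dataclass
class Alert:
    id: int
    entity: str
    hits: list = field(default_factory=list)  # flagged transaction ids (hit tab)
    status: str = "open"

class AlertStore:
    """Toy model of the two grouping modes (hypothetical, for illustration)."""

    def __init__(self, group_by):
        if group_by not in ("hit", "entity"):
            raise ValueError("group_by must be 'hit' or 'entity'")
        self.group_by = group_by
        self.alerts = []
        self._ids = count(1)

    def flag(self, entity, txn_ids):
        """Record one rule trigger: the transaction(s) flagged for an entity."""
        if self.group_by == "entity":
            # Merge into the entity's open alert if one exists.
            for alert in self.alerts:
                if alert.entity == entity and alert.status == "open":
                    alert.hits.extend(txn_ids)
                    return alert
        # Group by hit, or no open alert for this entity: create a new alert.
        alert = Alert(next(self._ids), entity, list(txn_ids))
        self.alerts.append(alert)
        return alert

def replay(group_by):
    """Constructed scenario: entityA triggers the rule with 1, 4 and 1
    transactions, the first alert is closed, then entityA triggers again."""
    store = AlertStore(group_by)
    first = store.flag("entityA", ["t1"])
    store.flag("entityA", ["t2", "t3", "t4", "t5"])
    store.flag("entityA", ["t6"])
    first.status = "closed"
    store.flag("entityA", ["t7"])
    return [(a.id, a.status, len(a.hits)) for a in store.alerts]

if __name__ == "__main__":
    for mode in ("hit", "entity"):
        print(mode, replay(mode))
```

Grouping by hit yields four alerts (one per trigger), while grouping by entity yields one closed alert holding six hits plus a new open alert for the trigger that arrived after the close.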
