We have a need to be able to merge incidents when multiple incidents are created for the same user action but discovered by various channels. Preferably, this would happen automatically, but a manual process would be sufficient.
As an example, when a user sends out a SSN, the endpoint creates an incident, and the network email creates an incident. This is a simple example but now 2 incidents were created for 1 action. When we go to pull metrics at the end of the month, we need to spend a considerable amount of time getting an actual count of how many violations we had. The reporting features are then limited to only internal consumption as we can't send these out to management without a lot of explanation.