I don't find the destination username metakey available for grouping alerts with incidents.
Many use cases, for instance 'Multiple login failures followed by a successful login' or 'Continuous login failures', etc., have users mapped uniquely to the destination user metakey.
This makes this metakey important for grouping alerts of a particular type or name.
Yet, this option is missing within an incident creation template.
Is there any way to group alerts to an incident by destination user?
Also, device IP is not available as an option for such groupings.