We have a requirement to not generate incidents for some alerts based on CI relationships and existing alerts. To do this we have tried to use a combination of Alert Correlation Rules and Alert Management Rules (basically do not generate incident if alert is correlated (secondary)). But this does not work and it seems that the problem is that the Alert Correlation Rule we have created is executed AFTER the Alert Management Rule. According to this post it should be the opposite:
Event Management : Leverage Alert Correlation and Grouping for Noise Reduction
Is there a way to change the order of execution for these rule types or is there another way to solve our requirement?
