feat(analytics rule) Corrected that rule should not be grouping results

Also added the IntelId & Tanium Alert Id to the custom details

Author: Tanium-Nicole

Solutions/Tanium/Analytic Rules/TaniumThreatResponseAlerts.yaml

@@ -32,6 +32,18 @@ entityMappings:
     fieldMappings:
       - identifier: Name
         columnName: TaniumTHRLabel
+customDetails:
+  IntelId: Intel_Id_d
+  TaniumAlertId: Alert_Id_g
+incidentConfiguration:
+  createIncident: true
+  groupingConfiguration:
+    enabled: false
+    reopenClosedIncident: false
+    lookbackDuration: PT5H
+    matchingMethod: AllEntities
+eventGroupingSettings:
+  aggregationKind: AlertPerResult
 alertDetailsOverride:
   alertDisplayNameFormat: "{{TaniumTHRLabel}}"
   alertDescriptionFormat: "Alert from Tanium Threat Response. GUID: {{Alert_Id_g}}; Computer Name: {{Computer_Name_s}}; IP: {{Computer_IP_s}}"