Why does the description for an alert differ from an email notification to the web console?

If a notification is sent on an alert that meets the criteria( for example, "Threat" >= 5), and another alert happens later that analytics bundles with the same threat, The description of the threat is updated in the web console to reflect the latest/most severe activity, but the back end doesn't send out an additional email. 

Analytics intentionally groups many alerts, in the same time window, on the same device into a single threat for the customer. Whenever an alert description is updated, additional emails are not sent. This is intended behavior to reduce notification noise for the customer.