Investigate page is set to "Group by hash", but several processes of the same name / hash are listed individually

The current logic to group hashes will not group any processes that are tied to a watchlist hit or with child processes

The current behaviour is by design. Future work will improve the logic to include watchlist events and events with children - DSER-25387