- Correlation macros valid also for hierarchies flags - Bayesian learning among alerts in alert log - Managing clusters for addresses, timestamps (and more?) - Dynamic cluster_min_size algorithm