diff --git a/x-pack/platform/plugins/private/translations/translations/fr-FR.json b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
index 3d16709e007bc..f733258710670 100644
--- a/x-pack/platform/plugins/private/translations/translations/fr-FR.json
+++ b/x-pack/platform/plugins/private/translations/translations/fr-FR.json
@@ -41264,12 +41264,6 @@
     "xpack.securitySolution.securityIntegration.cribl.mapsTo": "MAPPE À",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutDescription": "Pour configurer cette intégration, vous devez disposer des privilèges \"manage_index_templates\" et \"manage_pipeline\" ou \"manage_ingest_pipelines\".",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutTitle": "Assurez-vous de disposer des privilèges nécessaires",
-    "xpack.securitySolution.selector.grouping.hostName.label": "Nom d'hôte",
-    "xpack.securitySolution.selector.grouping.sourceIP.label": "IP source",
-    "xpack.securitySolution.selector.grouping.userName.label": "Nom d'utilisateur",
-    "xpack.securitySolution.selector.groups.destinationAddress.label": "Adresse de destination",
-    "xpack.securitySolution.selector.groups.ruleName.label": "Nom de règle",
-    "xpack.securitySolution.selector.groups.sourceAddress.label": "Adresse de la source",
     "xpack.securitySolution.selector.summaryView.eventRendererView.label": "Vue rendue des événements",
     "xpack.securitySolution.selector.summaryView.gridView.label": "Vue Grille",
     "xpack.securitySolution.selector.summaryView.options.default.description": "Afficher sous forme de données tabulaires avec la possibilité de regrouper et de trier selon des champs spécifiques",
diff --git a/x-pack/platform/plugins/private/translations/translations/ja-JP.json b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
index 0fabaa477d570..d6c7e3f9ed49d 100644
--- a/x-pack/platform/plugins/private/translations/translations/ja-JP.json
+++ b/x-pack/platform/plugins/private/translations/translations/ja-JP.json
@@ -41237,12 +41237,6 @@
     "xpack.securitySolution.securityIntegration.cribl.mapsTo": "マッピング先",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutDescription": "この統合を構成するには、manage_index_templates権限と、manage_pipelineまたはmanage_ingest_pipelines権限が必要です。",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutTitle": "必要な権限があることを確認してください",
-    "xpack.securitySolution.selector.grouping.hostName.label": "ホスト名",
-    "xpack.securitySolution.selector.grouping.sourceIP.label": "ソース IP",
-    "xpack.securitySolution.selector.grouping.userName.label": "ユーザー名",
-    "xpack.securitySolution.selector.groups.destinationAddress.label": "ターゲットアドレス",
-    "xpack.securitySolution.selector.groups.ruleName.label": "ルール名",
-    "xpack.securitySolution.selector.groups.sourceAddress.label": "ソースアドレス",
     "xpack.securitySolution.selector.summaryView.eventRendererView.label": "イベント表示ビュー",
     "xpack.securitySolution.selector.summaryView.gridView.label": "グリッドビュー",
     "xpack.securitySolution.selector.summaryView.options.default.description": "特定のフィールドでグループ化および並べ替えることができるタブ形式のデータとして表示",
diff --git a/x-pack/platform/plugins/private/translations/translations/zh-CN.json b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
index c18f6b375aedd..0e50cc37d2d53 100644
--- a/x-pack/platform/plugins/private/translations/translations/zh-CN.json
+++ b/x-pack/platform/plugins/private/translations/translations/zh-CN.json
@@ -41302,12 +41302,6 @@
     "xpack.securitySolution.securityIntegration.cribl.mapsTo": "映射到",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutDescription": "要配置此集成，您必须具有 `manage_index_templates` 权限和 `manage_pipeline` 或 `manage_ingest_pipelines` 权限。",
     "xpack.securitySolution.securityIntegration.cribl.missingPermissionsCalloutTitle": "请确保您具有必要权限",
-    "xpack.securitySolution.selector.grouping.hostName.label": "主机名",
-    "xpack.securitySolution.selector.grouping.sourceIP.label": "源 IP",
-    "xpack.securitySolution.selector.grouping.userName.label": "用户名",
-    "xpack.securitySolution.selector.groups.destinationAddress.label": "目标地址",
-    "xpack.securitySolution.selector.groups.ruleName.label": "规则名称",
-    "xpack.securitySolution.selector.groups.sourceAddress.label": "源地址",
     "xpack.securitySolution.selector.summaryView.eventRendererView.label": "事件渲染视图",
     "xpack.securitySolution.selector.summaryView.gridView.label": "网格视图",
     "xpack.securitySolution.selector.summaryView.options.default.description": "以表格数据方式查看，这样可以按特定字段分组和排序",
diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/actions.ts b/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/actions.ts
index 59d50748e055c..c7972b5ca19ca 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/actions.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/actions.ts
@@ -7,11 +7,12 @@
 
 import actionCreatorFactory from 'typescript-fsa';
 import type { TableId } from '@kbn/securitysolution-data-table';
+import type { GroupOption } from '@kbn/grouping';
 
 const actionCreator = actionCreatorFactory('x-pack/security_solution/groups');
 
 export const updateGroups = actionCreator<{
   activeGroups?: string[];
   tableId: TableId;
-  options?: Array<{ key: string; label: string }>;
+  options?: GroupOption[];
 }>('UPDATE_GROUPS');
diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/reducer.ts b/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/reducer.ts
index aec0d426b28ff..fc26afbb8b49b 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/reducer.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/common/store/grouping/reducer.ts
@@ -6,19 +6,21 @@
  */
 
 import { reducerWithInitialState } from 'typescript-fsa-reducers';
-import { getDefaultGroupingOptions } from '../../utils/alerts';
+import { DEFAULT_GROUPING_OPTIONS } from '../../../detections/components/alerts_table/alerts_grouping';
 import { updateGroups } from './actions';
 import type { Groups } from './types';
 
 export const initialGroupingState: Groups = {};
 
+const EMPTY_ACTIVE_GROUP: string[] = [];
+
 export const groupsReducer = reducerWithInitialState(initialGroupingState).case(
   updateGroups,
   (state, { tableId, ...rest }) => ({
     ...state,
     [tableId]: {
-      activeGroups: [],
-      options: getDefaultGroupingOptions(tableId),
+      activeGroups: EMPTY_ACTIVE_GROUP,
+      options: DEFAULT_GROUPING_OPTIONS,
       ...(state[tableId] ? state[tableId] : {}),
       ...rest,
     },
diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/utils/alerts.ts b/x-pack/solutions/security/plugins/security_solution/public/common/utils/alerts.ts
index 780ab831f8dbb..e0d497ba9e3f8 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/common/utils/alerts.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/common/utils/alerts.ts
@@ -8,9 +8,6 @@
 import { merge } from '@kbn/std';
 import { isPlainObject } from 'lodash';
 import type { Ecs } from '@kbn/cases-plugin/common';
-import { TableId } from '@kbn/securitysolution-data-table';
-import type { GroupOption } from '@kbn/grouping';
-import * as i18n from './translations';
 
 export const buildAlertsQuery = (alertIds: string[]) => {
   if (alertIds.length === 0) {
@@ -121,47 +118,3 @@ export interface Alert {
   signal: Signal;
   [key: string]: unknown;
 }
-
-// generates default grouping option for alerts table
-export const getDefaultGroupingOptions = (tableId: TableId): GroupOption[] => {
-  if (tableId === TableId.alertsOnAlertsPage || tableId === TableId.alertsRiskInputs) {
-    return [
-      {
-        label: i18n.ruleName,
-        key: 'kibana.alert.rule.name',
-      },
-      {
-        label: i18n.userName,
-        key: 'user.name',
-      },
-      {
-        label: i18n.hostName,
-        key: 'host.name',
-      },
-      {
-        label: i18n.sourceIP,
-        key: 'source.ip',
-      },
-    ];
-  } else if (tableId === TableId.alertsOnRuleDetailsPage) {
-    return [
-      {
-        label: i18n.sourceAddress,
-        key: 'source.address',
-      },
-      {
-        label: i18n.userName,
-        key: 'user.name',
-      },
-      {
-        label: i18n.hostName,
-        key: 'host.name',
-      },
-      {
-        label: i18n.destinationAddress,
-        key: 'destination.address,',
-      },
-    ];
-  }
-  return [];
-};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/common/utils/translations.ts b/x-pack/solutions/security/plugins/security_solution/public/common/utils/translations.ts
deleted file mode 100644
index 775050def6201..0000000000000
--- a/x-pack/solutions/security/plugins/security_solution/public/common/utils/translations.ts
+++ /dev/null
@@ -1,34 +0,0 @@
-/*
- * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
- * or more contributor license agreements. Licensed under the Elastic License
- * 2.0; you may not use this file except in compliance with the Elastic License
- * 2.0.
- */
-
-import { i18n } from '@kbn/i18n';
-
-export const ruleName = i18n.translate('xpack.securitySolution.selector.groups.ruleName.label', {
-  defaultMessage: 'Rule name',
-});
-export const userName = i18n.translate('xpack.securitySolution.selector.grouping.userName.label', {
-  defaultMessage: 'User name',
-});
-export const hostName = i18n.translate('xpack.securitySolution.selector.grouping.hostName.label', {
-  defaultMessage: 'Host name',
-});
-export const sourceIP = i18n.translate('xpack.securitySolution.selector.grouping.sourceIP.label', {
-  defaultMessage: 'Source IP',
-});
-export const sourceAddress = i18n.translate(
-  'xpack.securitySolution.selector.groups.sourceAddress.label',
-  {
-    defaultMessage: 'Source address',
-  }
-);
-
-export const destinationAddress = i18n.translate(
-  'xpack.securitySolution.selector.groups.destinationAddress.label',
-  {
-    defaultMessage: 'Destination address',
-  }
-);
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
index fbd3dfe5b82e3..08a6b066f331d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/index.tsx
@@ -39,6 +39,11 @@ import {
   TableId,
 } from '@kbn/securitysolution-data-table';
 import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
+import {
+  defaultGroupStatsAggregations,
+  defaultGroupStatsRenderer,
+  defaultGroupTitleRenderers,
+} from '../../../../detections/components/alerts_table/grouping_settings';
 import { EndpointExceptionsViewer } from '../../../endpoint_exceptions/endpoint_exceptions_viewer';
 import { DetectionEngineAlertsTable } from '../../../../detections/components/alerts_table';
 import { GroupedAlertsTable } from '../../../../detections/components/alerts_table/alerts_grouping';
@@ -179,6 +184,25 @@ const RuleFieldsSectionWrapper = styled.div`
   overflow-wrap: anywhere;
 `;
 
+const defaultGroupingOptions = [
+  {
+    label: i18n.SOURCE_ADDRESS,
+    key: 'source.address',
+  },
+  {
+    label: i18n.USER_NAME,
+    key: 'user.name',
+  },
+  {
+    label: i18n.HOST_NAME,
+    key: 'host.name',
+  },
+  {
+    label: i18n.DESTINATION_ADDRESS,
+    key: 'destination.address',
+  },
+];
+
 type DetectionEngineComponentProps = PropsFromRedux;
 
 const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
@@ -535,6 +559,14 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
     confirmManualRuleRun,
   } = useManualRuleRunConfirmation();
 
+  const accordionExtraActionGroupStats = useMemo(
+    () => ({
+      aggregations: defaultGroupStatsAggregations,
+      renderer: defaultGroupStatsRenderer,
+    }),
+    []
+  );
+
   if (
     redirectToDetections(
       isSignalIndexExists,
@@ -762,8 +794,11 @@ const RuleDetailsPageComponent: React.FC<DetectionEngineComponentProps> = ({
                     </Display>
                     {ruleId != null && (
                       <GroupedAlertsTable
+                        accordionButtonContent={defaultGroupTitleRenderers}
+                        accordionExtraActionGroupStats={accordionExtraActionGroupStats}
                         currentAlertStatusFilterValue={currentAlertStatusFilterValue}
                         defaultFilters={alertMergedFilters}
+                        defaultGroupingOptions={defaultGroupingOptions}
                         from={from}
                         globalFilters={filters}
                         globalQuery={query}
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/translations.ts b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/translations.ts
index 3fb9f2f651cd4..47e5dfad0252b 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/translations.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/detection_engine/rule_details_ui/pages/rule_details/translations.ts
@@ -73,3 +73,31 @@ export const DELETE_CONFIRMATION_BODY = i18n.translate(
     defaultMessage: 'This action will delete the rule. Click "Delete" to continue.',
   }
 );
+
+export const SOURCE_ADDRESS = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.sourceAddress',
+  {
+    defaultMessage: 'Source address',
+  }
+);
+
+export const USER_NAME = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.userName',
+  {
+    defaultMessage: 'User name',
+  }
+);
+
+export const HOST_NAME = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.hostName',
+  {
+    defaultMessage: 'Host name',
+  }
+);
+
+export const DESTINATION_ADDRESS = i18n.translate(
+  'xpack.securitySolution.detectionEngine.ruleDetails.groups.destinationAddress',
+  {
+    defaultMessage: 'Destination address',
+  }
+);
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx
index 5392d730c9e0d..4f4f9fb24028d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.test.tsx
@@ -21,6 +21,12 @@ import { createTelemetryServiceMock } from '../../../common/lib/telemetry/teleme
 import { useQueryAlerts } from '../../containers/detection_engine/alerts/use_query';
 import { getQuery, groupingSearchResponse } from './grouping_settings/mock';
 import { AlertsEventTypes } from '../../../common/lib/telemetry';
+import {
+  defaultGroupingOptions,
+  defaultGroupStatsAggregations,
+  defaultGroupStatsRenderer,
+  defaultGroupTitleRenderers,
+} from './grouping_settings';
 
 jest.mock('../../containers/detection_engine/alerts/use_query');
 jest.mock('../../../sourcerer/containers');
@@ -45,10 +51,10 @@ jest.mock('../../../common/containers/use_global_time', () => {
 });
 
 const mockOptions = [
-  { label: 'ruleName', key: 'kibana.alert.rule.name' },
-  { label: 'userName', key: 'user.name' },
-  { label: 'hostName', key: 'host.name' },
-  { label: 'sourceIP', key: 'source.ip' },
+  { label: 'Rule name', key: 'kibana.alert.rule.name' },
+  { label: 'User name', key: 'user.name' },
+  { label: 'Host name', key: 'host.name' },
+  { label: 'Source IP', key: 'source.ip' },
 ];
 
 jest.mock('../../../common/utils/alerts', () => {
@@ -113,7 +119,13 @@ const renderChildComponent = (groupingFilters: Filter[]) => <p data-test-subj="a
 
 const testProps: AlertsTableComponentProps = {
   ...mockDate,
+  accordionButtonContent: defaultGroupTitleRenderers,
+  accordionExtraActionGroupStats: {
+    aggregations: defaultGroupStatsAggregations,
+    renderer: defaultGroupStatsRenderer,
+  },
   defaultFilters: [],
+  defaultGroupingOptions,
   globalFilters: [],
   globalQuery: {
     query: 'query',
@@ -191,6 +203,7 @@ describe('GroupedAlertsTable', () => {
     });
     expect(mockDispatch.mock.calls[1][0].payload).toEqual({
       activeGroups: ['none'],
+      options: mockOptions,
       tableId: testProps.tableId,
     });
   });
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx
index c4dd142fc71b3..24f8a82f1314f 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_grouping.tsx
@@ -8,28 +8,61 @@
 import React, { useCallback, useEffect, useMemo, useRef, useState } from 'react';
 import { useDispatch } from 'react-redux';
 import type { Filter, Query } from '@kbn/es-query';
-import { isNoneGroup, useGrouping } from '@kbn/grouping';
+import {
+  type GroupOption,
+  type GroupStatsItem,
+  isNoneGroup,
+  type NamedAggregation,
+  type RawBucket,
+  useGrouping,
+} from '@kbn/grouping';
 import { isEmpty, isEqual } from 'lodash/fp';
 import type { Storage } from '@kbn/kibana-utils-plugin/public';
 import type { TableIdLiteral } from '@kbn/securitysolution-data-table';
-import type { GroupingArgs } from '@kbn/grouping/src';
+import type { GetGroupStats, GroupingArgs, GroupPanelRenderer } from '@kbn/grouping/src';
+import type { AlertsGroupingAggregation } from './grouping_settings/types';
 import { groupIdSelector } from '../../../common/store/grouping/selectors';
-import { getDefaultGroupingOptions } from '../../../common/utils/alerts';
 import { useDeepEqualSelector } from '../../../common/hooks/use_selector';
 import { updateGroups } from '../../../common/store/grouping/actions';
 import type { Status } from '../../../../common/api/detection_engine';
 import { defaultUnit } from '../../../common/components/toolbar/unit';
 import { useSourcererDataView } from '../../../sourcerer/containers';
-import { SourcererScopeName } from '../../../sourcerer/store/model';
 import type { RunTimeMappings } from '../../../sourcerer/store/model';
-import { renderGroupPanel, getStats } from './grouping_settings';
+import { SourcererScopeName } from '../../../sourcerer/store/model';
 import { useKibana } from '../../../common/lib/kibana';
 import { GroupedSubLevel } from './alerts_sub_grouping';
 import { AlertsEventTypes, track } from '../../../common/lib/telemetry';
+import * as i18n from './translations';
 
 export interface AlertsTableComponentProps {
+  /**
+   * Allows to customize the `buttonContent` props of the EuiAccordion.
+   * It basically renders the text next to the chevron, used to expand/collapse the accordion.
+   * If none provided, the DefaultGroupPanelRenderer will be used (see kbn-grouping package).
+   */
+  accordionButtonContent?: GroupPanelRenderer<AlertsGroupingAggregation>;
+  /**
+   * Allow to partially customize the `extraAction` props of the EuiAccordion.
+   * It basically renders the statistics to right side of the title and the left side of the Take actions button.
+   * If none provided, we display the number of alerts for the group.
+   */
+  accordionExtraActionGroupStats?: {
+    /**
+     * Responsible to fetch the aggregation data to populate the UI values
+     */
+    aggregations: (field: string) => NamedAggregation[];
+    /**
+     * Responsible for rendering the aggregation data
+     */
+    renderer: GetGroupStats<AlertsGroupingAggregation>;
+  };
   currentAlertStatusFilterValue?: Status[];
   defaultFilters?: Filter[];
+  /**
+   * Default values to display in the group selection dropdown.
+   * If none are provided, the only options there will None (default) and be Custom field.
+   */
+  defaultGroupingOptions?: GroupOption[];
   from: string;
   globalFilters: Filter[];
   globalQuery: Query;
@@ -46,6 +79,39 @@ export interface AlertsTableComponentProps {
 const DEFAULT_PAGE_SIZE = 25;
 const DEFAULT_PAGE_INDEX = 0;
 const MAX_GROUPING_LEVELS = 3;
+export const DEFAULT_GROUPING_OPTIONS: GroupOption[] = [];
+
+/**
+ * This is used as default behavior if no group renderer is passed via props.
+ * This will render the number of alerts.
+ * It's paired with the DEFAULT_GROUP_STATS_AGGREGATION which retrieves the aggregation data.
+ */
+export const DEFAULT_GROUP_STATS_RENDERER: GetGroupStats<AlertsGroupingAggregation> = (
+  _: string,
+  bucket: RawBucket<AlertsGroupingAggregation>
+): GroupStatsItem[] => [
+  {
+    title: i18n.STATS_GROUP_ALERTS,
+    badge: {
+      value: bucket.doc_count,
+      width: 50,
+      color: '#a83632',
+    },
+  },
+];
+/**
+ * This is used as default behavior if no group aggregations is passed via props.
+ * This will render retrieve the values to render the DEFAULT_GROUP_STATS_RENDERER above.
+ */
+export const DEFAULT_GROUP_STATS_AGGREGATION: (field: string) => NamedAggregation[] = () => [
+  {
+    unitsCount: {
+      cardinality: {
+        field: 'kibana.alert.uuid',
+      },
+    },
+  },
+];
 
 const useStorage = (storage: Storage, tableId: string) =>
   useMemo(
@@ -110,14 +176,29 @@ const GroupedAlertsTableComponent: React.FC<AlertsTableComponentProps> = (props)
 
   const fields = useMemo(() => Object.values(sourcererDataView.fields || {}), [sourcererDataView]);
 
+  const groupingOptions = useMemo(
+    () => props.defaultGroupingOptions || DEFAULT_GROUPING_OPTIONS,
+    [props.defaultGroupingOptions]
+  );
+
+  const groupStatsRenderer = useMemo(
+    () => props.accordionExtraActionGroupStats?.renderer || DEFAULT_GROUP_STATS_RENDERER,
+    [props.accordionExtraActionGroupStats?.renderer]
+  );
+
+  const groupStatusAggregations = useMemo(
+    () => props.accordionExtraActionGroupStats?.aggregations || DEFAULT_GROUP_STATS_AGGREGATION,
+    [props.accordionExtraActionGroupStats?.aggregations]
+  );
+
   const { getGrouping, selectedGroups, setSelectedGroups } = useGrouping({
     componentProps: {
-      groupPanelRenderer: renderGroupPanel,
-      getGroupStats: getStats,
+      groupPanelRenderer: props.accordionButtonContent,
+      getGroupStats: groupStatsRenderer,
       onGroupToggle,
       unit: defaultUnit,
     },
-    defaultGroupingOptions: getDefaultGroupingOptions(props.tableId),
+    defaultGroupingOptions: groupingOptions,
     fields,
     groupingId: props.tableId,
     maxGroupingLevels: MAX_GROUPING_LEVELS,
@@ -134,11 +215,12 @@ const GroupedAlertsTableComponent: React.FC<AlertsTableComponentProps> = (props)
       dispatch(
         updateGroups({
           activeGroups: selectedGroups,
+          options: groupingOptions,
           tableId: props.tableId,
         })
       );
     }
-  }, [dispatch, props.tableId, selectedGroups]);
+  }, [groupingOptions, dispatch, props.tableId, selectedGroups]);
 
   useEffect(() => {
     if (groupInRedux != null && !isNoneGroup(groupInRedux.activeGroups)) {
@@ -245,6 +327,7 @@ const GroupedAlertsTableComponent: React.FC<AlertsTableComponentProps> = (props)
           {...props}
           getGrouping={getGrouping}
           groupingLevel={level}
+          groupStatsAggregations={groupStatusAggregations}
           onGroupClose={() => resetGroupChildrenPagination(level)}
           pageIndex={pageIndex[level] ?? DEFAULT_PAGE_INDEX}
           pageSize={pageSize[level] ?? DEFAULT_PAGE_SIZE}
@@ -256,7 +339,7 @@ const GroupedAlertsTableComponent: React.FC<AlertsTableComponentProps> = (props)
         />
       );
     },
-    [getGrouping, pageIndex, pageSize, props, selectedGroups, setPageVar]
+    [getGrouping, groupStatusAggregations, pageIndex, pageSize, props, selectedGroups, setPageVar]
   );
 
   if (isEmpty(selectedPatterns)) {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx
index 9e6cc89634a36..f0a9bcbc7605d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/alerts_sub_grouping.tsx
@@ -9,15 +9,15 @@ import React, { useCallback, useEffect, useMemo, useRef } from 'react';
 import { v4 as uuidv4 } from 'uuid';
 import type { Filter, Query } from '@kbn/es-query';
 import { buildEsQuery } from '@kbn/es-query';
-import type { GroupingAggregation } from '@kbn/grouping';
+import type { GroupingAggregation, NamedAggregation } from '@kbn/grouping';
 import { isNoneGroup } from '@kbn/grouping';
 import { getEsQueryConfig } from '@kbn/data-plugin/common';
 import type { DynamicGroupingProps } from '@kbn/grouping/src';
 import { parseGroupingQuery } from '@kbn/grouping/src';
 import type { TableIdLiteral } from '@kbn/securitysolution-data-table';
 import type { RunTimeMappings } from '../../../sourcerer/store/model';
-import { combineQueries } from '../../../common/lib/kuery';
 import { SourcererScopeName } from '../../../sourcerer/store/model';
+import { combineQueries } from '../../../common/lib/kuery';
 import type { AlertsGroupingAggregation } from './grouping_settings/types';
 import type { Status } from '../../../../common/api/detection_engine';
 import { InspectButton } from '../../../common/components/inspect';
@@ -46,6 +46,11 @@ interface OwnProps {
   globalFilters: Filter[];
   globalQuery: Query;
   groupingLevel?: number;
+  /**
+   * Function that returns the group aggregations by field.
+   * This is then used to render values in the EuiAccordion `extraAction` section.
+   */
+  groupStatsAggregations: (field: string) => NamedAggregation[];
   hasIndexMaintenance: boolean;
   hasIndexWrite: boolean;
   loading: boolean;
@@ -73,6 +78,7 @@ export const GroupedSubLevelComponent: React.FC<AlertsTableComponentProps> = ({
   globalFilters,
   globalQuery,
   groupingLevel,
+  groupStatsAggregations,
   hasIndexMaintenance,
   hasIndexWrite,
   loading,
@@ -147,6 +153,7 @@ export const GroupedSubLevelComponent: React.FC<AlertsTableComponentProps> = ({
 
   const queryGroups = useMemo(() => {
     return getAlertsGroupingQuery({
+      groupStatsAggregations,
       additionalFilters,
       selectedGroup,
       uniqueValue,
@@ -159,6 +166,7 @@ export const GroupedSubLevelComponent: React.FC<AlertsTableComponentProps> = ({
   }, [
     additionalFilters,
     from,
+    groupStatsAggregations,
     pageIndex,
     pageSize,
     runtimeMappings,
@@ -251,6 +259,13 @@ export const GroupedSubLevelComponent: React.FC<AlertsTableComponentProps> = ({
     [defaultFilters, getGlobalQuery, selectedGroup, tableId, takeActionItems]
   );
 
+  const onChangeGroupsItemsPerPage = useCallback(
+    (size: number) => setPageSize(size),
+    [setPageSize]
+  );
+
+  const onChangeGroupsPage = useCallback((index: number) => setPageIndex(index), [setPageIndex]);
+
   return useMemo(
     () =>
       getGrouping({
@@ -260,8 +275,8 @@ export const GroupedSubLevelComponent: React.FC<AlertsTableComponentProps> = ({
         inspectButton: inspect,
         isLoading: loading || isLoadingGroups,
         itemsPerPage: pageSize,
-        onChangeGroupsItemsPerPage: (size: number) => setPageSize(size),
-        onChangeGroupsPage: (index) => setPageIndex(index),
+        onChangeGroupsItemsPerPage,
+        onChangeGroupsPage,
         onGroupClose,
         renderChildComponent,
         selectedGroup,
@@ -275,13 +290,13 @@ export const GroupedSubLevelComponent: React.FC<AlertsTableComponentProps> = ({
       inspect,
       isLoadingGroups,
       loading,
+      onChangeGroupsItemsPerPage,
+      onChangeGroupsPage,
       onGroupClose,
       pageIndex,
       pageSize,
       renderChildComponent,
       selectedGroup,
-      setPageIndex,
-      setPageSize,
     ]
   );
 };
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_aggregations.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_aggregations.test.tsx
new file mode 100644
index 0000000000000..5efd44da61b53
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_aggregations.test.tsx
@@ -0,0 +1,204 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import { defaultGroupStatsAggregations } from '.';
+
+describe('defaultGroupStatsAggregations', () => {
+  it('should return the default values if the field is not supported', () => {
+    const aggregations = defaultGroupStatsAggregations('unknown');
+
+    expect(aggregations).toEqual([
+      {
+        unitsCount: {
+          cardinality: {
+            field: 'kibana.alert.uuid',
+          },
+        },
+      },
+      {
+        rulesCountAggregation: {
+          cardinality: {
+            field: 'kibana.alert.rule.rule_id',
+          },
+        },
+      },
+    ]);
+  });
+
+  it('should return values depending on the input field', () => {
+    const ruleAggregations = defaultGroupStatsAggregations('kibana.alert.rule.name');
+    expect(ruleAggregations).toEqual([
+      {
+        unitsCount: {
+          cardinality: {
+            field: 'kibana.alert.uuid',
+          },
+        },
+      },
+      {
+        description: {
+          terms: {
+            field: 'kibana.alert.rule.description',
+            size: 1,
+          },
+        },
+      },
+      {
+        countSeveritySubAggregation: {
+          cardinality: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        severitiesSubAggregation: {
+          terms: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        usersCountAggregation: {
+          cardinality: {
+            field: 'user.name',
+          },
+        },
+      },
+      {
+        hostsCountAggregation: {
+          cardinality: {
+            field: 'host.name',
+          },
+        },
+      },
+      {
+        ruleTags: {
+          terms: {
+            field: 'kibana.alert.rule.tags',
+          },
+        },
+      },
+    ]);
+
+    const hostAggregations = defaultGroupStatsAggregations('host.name');
+    expect(hostAggregations).toEqual([
+      {
+        unitsCount: {
+          cardinality: {
+            field: 'kibana.alert.uuid',
+          },
+        },
+      },
+      {
+        rulesCountAggregation: {
+          cardinality: {
+            field: 'kibana.alert.rule.rule_id',
+          },
+        },
+      },
+      {
+        countSeveritySubAggregation: {
+          cardinality: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        severitiesSubAggregation: {
+          terms: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        usersCountAggregation: {
+          cardinality: {
+            field: 'user.name',
+          },
+        },
+      },
+    ]);
+
+    const userAggregations = defaultGroupStatsAggregations('user.name');
+    expect(userAggregations).toEqual([
+      {
+        unitsCount: {
+          cardinality: {
+            field: 'kibana.alert.uuid',
+          },
+        },
+      },
+      {
+        rulesCountAggregation: {
+          cardinality: {
+            field: 'kibana.alert.rule.rule_id',
+          },
+        },
+      },
+      {
+        countSeveritySubAggregation: {
+          cardinality: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        severitiesSubAggregation: {
+          terms: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        hostsCountAggregation: {
+          cardinality: {
+            field: 'host.name',
+          },
+        },
+      },
+    ]);
+
+    const sourceAggregations = defaultGroupStatsAggregations('source.ip');
+    expect(sourceAggregations).toEqual([
+      {
+        unitsCount: {
+          cardinality: {
+            field: 'kibana.alert.uuid',
+          },
+        },
+      },
+      {
+        rulesCountAggregation: {
+          cardinality: {
+            field: 'kibana.alert.rule.rule_id',
+          },
+        },
+      },
+      {
+        countSeveritySubAggregation: {
+          cardinality: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        severitiesSubAggregation: {
+          terms: {
+            field: 'kibana.alert.severity',
+          },
+        },
+      },
+      {
+        hostsCountAggregation: {
+          cardinality: {
+            field: 'host.name',
+          },
+        },
+      },
+    ]);
+  });
+});
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_aggregations.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_aggregations.ts
new file mode 100644
index 0000000000000..37a8425686cb5
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_aggregations.ts
@@ -0,0 +1,187 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { NamedAggregation } from '@kbn/grouping';
+import { DEFAULT_GROUP_STATS_AGGREGATION } from '../alerts_grouping';
+
+/**
+ * Returns aggregations to be used to calculate the statistics to be used in the `extraAction` property of the EUiAccordion component.
+ * It handles custom renders for the following fields:
+ * - kibana.alert.rule.name
+ * - host.name
+ * - user.name
+ * - source.ip
+ * And returns a default set of aggregation for all the other fields.
+ *
+ * This go hand in hand with defaultGroupingOptions, defaultGroupTitleRenderers and defaultGroupStatsRenderer.
+ */
+export const defaultGroupStatsAggregations = (field: string): NamedAggregation[] => {
+  const aggMetrics: NamedAggregation[] = DEFAULT_GROUP_STATS_AGGREGATION('');
+
+  switch (field) {
+    case 'kibana.alert.rule.name':
+      aggMetrics.push(
+        ...[
+          {
+            description: {
+              terms: {
+                field: 'kibana.alert.rule.description',
+                size: 1,
+              },
+            },
+          },
+          {
+            countSeveritySubAggregation: {
+              cardinality: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            severitiesSubAggregation: {
+              terms: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            usersCountAggregation: {
+              cardinality: {
+                field: 'user.name',
+              },
+            },
+          },
+          {
+            hostsCountAggregation: {
+              cardinality: {
+                field: 'host.name',
+              },
+            },
+          },
+          {
+            ruleTags: {
+              terms: {
+                field: 'kibana.alert.rule.tags',
+              },
+            },
+          },
+        ]
+      );
+      break;
+    case 'host.name':
+      aggMetrics.push(
+        ...[
+          {
+            rulesCountAggregation: {
+              cardinality: {
+                field: 'kibana.alert.rule.rule_id',
+              },
+            },
+          },
+          {
+            countSeveritySubAggregation: {
+              cardinality: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            severitiesSubAggregation: {
+              terms: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            usersCountAggregation: {
+              cardinality: {
+                field: 'user.name',
+              },
+            },
+          },
+        ]
+      );
+      break;
+    case 'user.name':
+      aggMetrics.push(
+        ...[
+          {
+            rulesCountAggregation: {
+              cardinality: {
+                field: 'kibana.alert.rule.rule_id',
+              },
+            },
+          },
+          {
+            countSeveritySubAggregation: {
+              cardinality: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            severitiesSubAggregation: {
+              terms: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            hostsCountAggregation: {
+              cardinality: {
+                field: 'host.name',
+              },
+            },
+          },
+        ]
+      );
+      break;
+    case 'source.ip':
+      aggMetrics.push(
+        ...[
+          {
+            rulesCountAggregation: {
+              cardinality: {
+                field: 'kibana.alert.rule.rule_id',
+              },
+            },
+          },
+          {
+            countSeveritySubAggregation: {
+              cardinality: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            severitiesSubAggregation: {
+              terms: {
+                field: 'kibana.alert.severity',
+              },
+            },
+          },
+          {
+            hostsCountAggregation: {
+              cardinality: {
+                field: 'host.name',
+              },
+            },
+          },
+        ]
+      );
+      break;
+    default:
+      aggMetrics.push({
+        rulesCountAggregation: {
+          cardinality: {
+            field: 'kibana.alert.rule.rule_id',
+          },
+        },
+      });
+  }
+  return aggMetrics;
+};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_stats.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_renderers.test.tsx
similarity index 93%
rename from x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_stats.test.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_renderers.test.tsx
index 42224db3ec3b5..34c1f4952807d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_stats.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_renderers.test.tsx
@@ -5,11 +5,11 @@
  * 2.0.
  */
 
-import { getStats } from '.';
+import { defaultGroupStatsRenderer } from '.';
 
 describe('getStats', () => {
   it('returns array of badges which corresponds to the field name', () => {
-    const badgesRuleName = getStats('kibana.alert.rule.name', {
+    const badgesRuleName = defaultGroupStatsRenderer('kibana.alert.rule.name', {
       key: [],
       severitiesSubAggregation: { buckets: [{ key: 'medium', doc_count: 10 }] },
       countSeveritySubAggregation: { value: 1 },
@@ -52,7 +52,7 @@ describe('getStats', () => {
       )
     ).toBeTruthy();
 
-    const badgesHostName = getStats('host.name', {
+    const badgesHostName = defaultGroupStatsRenderer('host.name', {
       key: 'Host',
       severitiesSubAggregation: { buckets: [{ key: 'medium', doc_count: 10 }] },
       countSeveritySubAggregation: { value: 1 },
@@ -95,7 +95,7 @@ describe('getStats', () => {
       )
     ).toBeTruthy();
 
-    const badgesUserName = getStats('user.name', {
+    const badgesUserName = defaultGroupStatsRenderer('user.name', {
       key: 'User test',
       severitiesSubAggregation: { buckets: [{ key: 'medium', doc_count: 10 }] },
       countSeveritySubAggregation: { value: 1 },
@@ -138,7 +138,7 @@ describe('getStats', () => {
       )
     ).toBeTruthy();
 
-    const badgesSourceIp = getStats('source.ip', {
+    const badgesSourceIp = defaultGroupStatsRenderer('source.ip', {
       key: 'User test',
       severitiesSubAggregation: { buckets: [{ key: 'medium', doc_count: 10 }] },
       countSeveritySubAggregation: { value: 1 },
@@ -183,7 +183,7 @@ describe('getStats', () => {
   });
 
   it('should return default badges if the field specific does not exist', () => {
-    const badges = getStats('process.name', {
+    const badges = defaultGroupStatsRenderer('process.name', {
       key: 'process',
       severitiesSubAggregation: { buckets: [{ key: 'medium', doc_count: 10 }] },
       countSeveritySubAggregation: { value: 1 },
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_stats.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_renderers.tsx
similarity index 85%
rename from x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_stats.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_renderers.tsx
index 6274270962aea..c70a50a09cc85 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_stats.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_stats_renderers.tsx
@@ -8,6 +8,7 @@
 import { EuiIcon } from '@elastic/eui';
 import React from 'react';
 import type { GroupStatsItem, RawBucket } from '@kbn/grouping';
+import { DEFAULT_GROUP_STATS_RENDERER } from '../alerts_grouping';
 import type { AlertsGroupingAggregation } from './types';
 import * as i18n from '../translations';
 
@@ -64,7 +65,18 @@ const multiSeverity = (
   </>
 );
 
-export const getStats = (
+/**
+ * Returns statistics to be used in the`extraAction` property of the EuiAccordion component used within the kbn-grouping package.
+ * It handles custom renders for the following fields:
+ * - kibana.alert.rule.name
+ * - host.name
+ * - user.name
+ * - source.ip
+ * And returns a default view for all the other fields.
+ *
+ * This go hand in hand with defaultGroupingOptions, defaultGroupTitleRenderers and defaultGroupStatsAggregations.
+ */
+export const defaultGroupStatsRenderer = (
   selectedGroup: string,
   bucket: RawBucket<AlertsGroupingAggregation>
 ): GroupStatsItem[] => {
@@ -86,16 +98,7 @@ export const getStats = (
         },
       ];
 
-  const defaultBadges: GroupStatsItem[] = [
-    {
-      title: i18n.STATS_GROUP_ALERTS,
-      badge: {
-        value: bucket.doc_count,
-        width: 50,
-        color: '#a83632',
-      },
-    },
-  ];
+  const defaultBadges: GroupStatsItem[] = DEFAULT_GROUP_STATS_RENDERER(selectedGroup, bucket);
 
   switch (selectedGroup) {
     case 'kibana.alert.rule.name':
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_panel_renderers.test.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_title_renderers.test.tsx
similarity index 86%
rename from x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_panel_renderers.test.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_title_renderers.test.tsx
index 2038bddea952e..2a0103c55f83d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_panel_renderers.test.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_title_renderers.test.tsx
@@ -5,13 +5,13 @@
  * 2.0.
  */
 
-import { renderGroupPanel } from '.';
+import { defaultGroupTitleRenderers } from '.';
 import { render } from '@testing-library/react';
 
-describe('renderGroupPanel', () => {
+describe('defaultGroupTitleRenderers', () => {
   it('renders correctly when the field renderer exists', () => {
     let { getByTestId } = render(
-      renderGroupPanel(
+      defaultGroupTitleRenderers(
         'kibana.alert.rule.name',
         {
           key: ['Rule name test', 'Some description'],
@@ -23,7 +23,7 @@ describe('renderGroupPanel', () => {
 
     expect(getByTestId('rule-name-group-renderer')).toBeInTheDocument();
     const result1 = render(
-      renderGroupPanel(
+      defaultGroupTitleRenderers(
         'host.name',
         {
           key: 'Host',
@@ -37,7 +37,7 @@ describe('renderGroupPanel', () => {
     expect(getByTestId('host-name-group-renderer')).toBeInTheDocument();
 
     const result2 = render(
-      renderGroupPanel(
+      defaultGroupTitleRenderers(
         'user.name',
         {
           key: 'User test',
@@ -50,7 +50,7 @@ describe('renderGroupPanel', () => {
 
     expect(getByTestId('host-name-group-renderer')).toBeInTheDocument();
     const result3 = render(
-      renderGroupPanel(
+      defaultGroupTitleRenderers(
         'source.ip',
         {
           key: 'sourceIp',
@@ -65,7 +65,7 @@ describe('renderGroupPanel', () => {
   });
 
   it('returns undefined when the renderer does not exist', () => {
-    const wrapper = renderGroupPanel(
+    const wrapper = defaultGroupTitleRenderers(
       'process.name',
       {
         key: 'process',
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_panel_renderers.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_title_renderers.tsx
similarity index 87%
rename from x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_panel_renderers.tsx
rename to x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_title_renderers.tsx
index 4a2ad75f49380..19ad2869af703 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/group_panel_renderers.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_group_title_renderers.tsx
@@ -24,7 +24,18 @@ import type { GenericBuckets } from '../../../../../common/search_strategy';
 import { PopoverItems } from '../../../../common/components/popover_items';
 import { COLUMN_TAGS } from '../../../../detection_engine/common/translations';
 
-export const renderGroupPanel: GroupPanelRenderer<AlertsGroupingAggregation> = (
+/**
+ * Returns renderers to be used in the `buttonContent` property of the EuiAccordion component used within the kbn-grouping package.
+ * It handles custom renders for the following fields:
+ * - kibana.alert.rule.name
+ * - host.name
+ * - user.name
+ * - source.ip
+ * For all the other fields the default renderer managed within the kbn-grouping package will be used.
+ *
+ * This go hand in hand with defaultGroupingOptions and defaultGroupStatsRenderer and defaultGroupStatsAggregations.
+ */
+export const defaultGroupTitleRenderers: GroupPanelRenderer<AlertsGroupingAggregation> = (
   selectedGroup,
   bucket,
   nullGroupMessage
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_grouping_options.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_grouping_options.tsx
new file mode 100644
index 0000000000000..8b52aa6ed4010
--- /dev/null
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/default_grouping_options.tsx
@@ -0,0 +1,49 @@
+/*
+ * Copyright Elasticsearch B.V. and/or licensed to Elasticsearch B.V. under one
+ * or more contributor license agreements. Licensed under the Elastic License
+ * 2.0; you may not use this file except in compliance with the Elastic License
+ * 2.0.
+ */
+
+import type { GroupOption } from '@kbn/grouping/src';
+import { i18n } from '@kbn/i18n';
+
+const RULE_NAME = i18n.translate('xpack.securitySolution.alertsTable.groups.ruleName', {
+  defaultMessage: 'Rule name',
+});
+
+const USER_NAME = i18n.translate('xpack.securitySolution.alertsTable.groups.userName', {
+  defaultMessage: 'User name',
+});
+
+const HOST_NAME = i18n.translate('xpack.securitySolution.alertsTable.groups.hostName', {
+  defaultMessage: 'Host name',
+});
+
+const SOURCE_IP = i18n.translate('xpack.securitySolution.alertsTable.groups.sourceIP', {
+  defaultMessage: 'Source IP',
+});
+
+/**
+ * Returns a list of fields for the default grouping options. These are displayed in the `Group alerts by` dropdown button.
+ *
+ * These go hand in hand with defaultGroupTitleRenderers, defaultGroupStats and defaultGroupStatsAggregations.
+ */
+export const defaultGroupingOptions: GroupOption[] = [
+  {
+    label: RULE_NAME,
+    key: 'kibana.alert.rule.name',
+  },
+  {
+    label: USER_NAME,
+    key: 'user.name',
+  },
+  {
+    label: HOST_NAME,
+    key: 'host.name',
+  },
+  {
+    label: SOURCE_IP,
+    key: 'source.ip',
+  },
+];
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/index.tsx
index 10f95266bb57a..83b03e1105cdb 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/index.tsx
@@ -5,7 +5,9 @@
  * 2.0.
  */
 
-export * from './group_stats';
-export * from './group_panel_renderers';
+export * from './default_grouping_options';
+export * from './default_group_stats_aggregations';
+export * from './default_group_stats_renderers';
+export * from './default_group_title_renderers';
 export * from './group_take_action_items';
 export * from './query_builder';
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts
index 0ca672ba20d16..078da669d4932 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.test.ts
@@ -5,18 +5,20 @@
  * 2.0.
  */
 
-import { getAlertsGroupingQuery } from '.';
+import type { AlertsGroupingQueryParams } from '.';
+import { defaultGroupStatsAggregations, getAlertsGroupingQuery } from '.';
 import { getQuery } from './mock';
 
-let sampleData = {
+let sampleData: AlertsGroupingQueryParams = {
+  additionalFilters: [{ bool: { filter: [], must: [], must_not: [], should: [] } }],
   from: '2022-12-29T22:57:34.029Z',
-  to: '2023-01-28T22:57:29.029Z',
+  groupStatsAggregations: defaultGroupStatsAggregations,
   pageIndex: 0,
   pageSize: 25,
   runtimeMappings: {},
-  uniqueValue: 'aSuperUniqueValue',
   selectedGroup: 'kibana.alert.rule.name',
-  additionalFilters: [{ bool: { filter: [], must: [], must_not: [], should: [] } }],
+  uniqueValue: 'aSuperUniqueValue',
+  to: '2023-01-28T22:57:29.029Z',
 };
 
 describe('getAlertsGroupingQuery', () => {
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts
index 0ee1794e384a8..0a7f404cc24f9 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/components/alerts_table/grouping_settings/query_builder.ts
@@ -6,15 +6,19 @@
  */
 
 import type { BoolQuery } from '@kbn/es-query';
-import type { NamedAggregation } from '@kbn/grouping';
-import { isNoneGroup, getGroupingQuery } from '@kbn/grouping';
+import { getGroupingQuery, isNoneGroup, type NamedAggregation } from '@kbn/grouping';
 import type { RunTimeMappings } from '../../../../sourcerer/store/model';
 
-interface AlertsGroupingQueryParams {
+export interface AlertsGroupingQueryParams {
   additionalFilters: Array<{
     bool: BoolQuery;
   }>;
   from: string;
+  /**
+   * Function that returns the group aggregations by field.
+   * This is then used to render values in the EuiAccordion `extraAction` section.
+   */
+  groupStatsAggregations: (field: string) => NamedAggregation[];
   pageIndex: number;
   pageSize: number;
   runtimeMappings: RunTimeMappings;
@@ -26,6 +30,7 @@ interface AlertsGroupingQueryParams {
 export const getAlertsGroupingQuery = ({
   additionalFilters,
   from,
+  groupStatsAggregations,
   pageIndex,
   pageSize,
   runtimeMappings,
@@ -40,186 +45,10 @@ export const getAlertsGroupingQuery = ({
       to,
     },
     groupByField: selectedGroup,
-    statsAggregations: !isNoneGroup([selectedGroup])
-      ? getAggregationsByGroupField(selectedGroup)
-      : [],
+    statsAggregations: !isNoneGroup([selectedGroup]) ? groupStatsAggregations(selectedGroup) : [],
     pageNumber: pageIndex * pageSize,
     runtimeMappings,
     uniqueValue,
     size: pageSize,
     sort: [{ unitsCount: { order: 'desc' } }],
   });
-
-const getAggregationsByGroupField = (field: string): NamedAggregation[] => {
-  const aggMetrics: NamedAggregation[] = [
-    {
-      unitsCount: {
-        cardinality: {
-          field: 'kibana.alert.uuid',
-        },
-      },
-    },
-  ];
-  switch (field) {
-    case 'kibana.alert.rule.name':
-      aggMetrics.push(
-        ...[
-          {
-            description: {
-              terms: {
-                field: 'kibana.alert.rule.description',
-                size: 1,
-              },
-            },
-          },
-          {
-            countSeveritySubAggregation: {
-              cardinality: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            severitiesSubAggregation: {
-              terms: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            usersCountAggregation: {
-              cardinality: {
-                field: 'user.name',
-              },
-            },
-          },
-          {
-            hostsCountAggregation: {
-              cardinality: {
-                field: 'host.name',
-              },
-            },
-          },
-          {
-            ruleTags: {
-              terms: {
-                field: 'kibana.alert.rule.tags',
-              },
-            },
-          },
-        ]
-      );
-      break;
-    case 'host.name':
-      aggMetrics.push(
-        ...[
-          {
-            rulesCountAggregation: {
-              cardinality: {
-                field: 'kibana.alert.rule.rule_id',
-              },
-            },
-          },
-          {
-            countSeveritySubAggregation: {
-              cardinality: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            severitiesSubAggregation: {
-              terms: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            usersCountAggregation: {
-              cardinality: {
-                field: 'user.name',
-              },
-            },
-          },
-        ]
-      );
-      break;
-    case 'user.name':
-      aggMetrics.push(
-        ...[
-          {
-            rulesCountAggregation: {
-              cardinality: {
-                field: 'kibana.alert.rule.rule_id',
-              },
-            },
-          },
-          {
-            countSeveritySubAggregation: {
-              cardinality: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            severitiesSubAggregation: {
-              terms: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            hostsCountAggregation: {
-              cardinality: {
-                field: 'host.name',
-              },
-            },
-          },
-        ]
-      );
-      break;
-    case 'source.ip':
-      aggMetrics.push(
-        ...[
-          {
-            rulesCountAggregation: {
-              cardinality: {
-                field: 'kibana.alert.rule.rule_id',
-              },
-            },
-          },
-          {
-            countSeveritySubAggregation: {
-              cardinality: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            severitiesSubAggregation: {
-              terms: {
-                field: 'kibana.alert.severity',
-              },
-            },
-          },
-          {
-            hostsCountAggregation: {
-              cardinality: {
-                field: 'host.name',
-              },
-            },
-          },
-        ]
-      );
-      break;
-    default:
-      aggMetrics.push({
-        rulesCountAggregation: {
-          cardinality: {
-            field: 'kibana.alert.rule.rule_id',
-          },
-        },
-      });
-  }
-  return aggMetrics;
-};
diff --git a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx
index e0ba47fc10afc..eea1517dd5305 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/detections/pages/alerts/detection_engine.tsx
@@ -34,6 +34,12 @@ import {
 import { isEqual } from 'lodash';
 import type { FilterGroupHandler } from '@kbn/alerts-ui-shared';
 import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
+import {
+  defaultGroupingOptions,
+  defaultGroupStatsAggregations,
+  defaultGroupStatsRenderer,
+  defaultGroupTitleRenderers,
+} from '../../components/alerts_table/grouping_settings';
 import { DetectionEngineFilters } from '../../components/detection_engine_filters/detection_engine_filters';
 import { FilterByAssigneesPopover } from '../../../common/components/filter_by_assignees_popover/filter_by_assignees_popover';
 import type { AssigneesIdsSelection } from '../../../common/components/assignees/types';
@@ -321,6 +327,14 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ()
     [alertsTableDefaultFilters, isAlertTableLoading]
   );
 
+  const accordionExtraActionGroupStats = useMemo(
+    () => ({
+      aggregations: defaultGroupStatsAggregations,
+      renderer: defaultGroupStatsRenderer,
+    }),
+    []
+  );
+
   if (loading) {
     return (
       <SecuritySolutionPageWrapper>
@@ -420,8 +434,11 @@ const DetectionEnginePageComponent: React.FC<DetectionEngineComponentProps> = ()
               <EuiSpacer size="l" />
             </Display>
             <GroupedAlertsTable
+              accordionButtonContent={defaultGroupTitleRenderers}
+              accordionExtraActionGroupStats={accordionExtraActionGroupStats}
               currentAlertStatusFilterValue={statusFilter}
               defaultFilters={alertsTableDefaultFilters}
+              defaultGroupingOptions={defaultGroupingOptions}
               from={from}
               globalFilters={filters}
               globalQuery={query}
diff --git a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx
index 2b4545a7540af..8c5cb2c2d320d 100644
--- a/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx
+++ b/x-pack/solutions/security/plugins/security_solution/public/entity_analytics/components/top_risk_score_contributors_alerts/index.tsx
@@ -9,10 +9,14 @@ import React, { useCallback, useMemo } from 'react';
 import { TableId } from '@kbn/securitysolution-data-table';
 import { EuiFlexGroup, EuiFlexItem, EuiPanel } from '@elastic/eui';
 import type { Filter } from '@kbn/es-query';
-
 import type { RunTimeMappings } from '@kbn/timelines-plugin/common/search_strategy';
+import {
+  defaultGroupingOptions,
+  defaultGroupStatsAggregations,
+  defaultGroupStatsRenderer,
+  defaultGroupTitleRenderers,
+} from '../../../detections/components/alerts_table/grouping_settings';
 import { HeaderSection } from '../../../common/components/header_section';
-
 import * as i18n from './translations';
 import type { RiskInputs } from '../../../../common/entity_analytics/risk_engine';
 import type { EntityRiskScore } from '../../../../common/search_strategy';
@@ -95,6 +99,16 @@ export const TopRiskScoreContributorsAlerts = <T extends EntityType>({
     [inputFilters, filters]
   );
 
+  const defaultFilters = useMemo(() => [...inputFilters, ...filters], [filters, inputFilters]);
+
+  const accordionExtraActionGroupStats = useMemo(
+    () => ({
+      aggregations: defaultGroupStatsAggregations,
+      renderer: defaultGroupStatsRenderer,
+    }),
+    []
+  );
+
   return (
     <EuiPanel hasBorder data-test-subj="topRiskScoreContributorsAlerts">
       <EuiFlexGroup gutterSize={'none'}>
@@ -117,7 +131,10 @@ export const TopRiskScoreContributorsAlerts = <T extends EntityType>({
         >
           <EuiFlexItem grow={1}>
             <GroupedAlertsTable
-              defaultFilters={[...inputFilters, ...filters]}
+              accordionButtonContent={defaultGroupTitleRenderers}
+              accordionExtraActionGroupStats={accordionExtraActionGroupStats}
+              defaultFilters={defaultFilters}
+              defaultGroupingOptions={defaultGroupingOptions}
               from={from}
               globalFilters={filters}
               globalQuery={query}