@YASARSAHOOD MOHAMMAD , From your description, it seems we want to know the workflow of repeating alert. if there's any misunderstanding, please let us know.
For the repeating alert in SCOM, based on my research, if there are a lot of events in a short time window, and we don't want to get alert storm. We can consider “Alert Suppression” or a consolidator condition detection.
For “Alert Suppression”, when alert suppression is enabled for a rule, only the first alert is sent and further alerts are suppressed. A suppressed alert is not displayed in the Operations console. Operations Manager suppresses only duplicate alerts as defined by the alert suppression criteria. Fields stated in the suppression criteria must be identical for the alert to be considered a duplicate and suppressed. The repeat count for an alert with suppression enabled will be incremented for each suppressed alert. We can also view the Repeat Count in the properties for an alert.
For repeated event detection rule, it will wait for the event to exist in the event log, Start a timer upon the first event, then wait for the timer to expire, Create an alert for the event(s), no matter if there was a single event or thousands of events in the timed window. we can see more details in Kevin's blog as below:
https://kevinholman.com/2016/12/04/alerting-on-events-waiting-for-a-specific-amount-of-time-to-pass/
Note: non-Microsoft link, just for the reference.
Hope it can help.
If the response is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.