A system and method for the aggregation and grouping of previously identified, causally related abnormal operating condition, that are observed in a monitored environment, is disclosed. Agents are deployed to the monitored environment which capture data describing structural aspects of the monitored environment, as well as data describing activities performed on it, like the execution of distributed transactions. The data describing structural aspects is aggregated into a topology model which describes individual components of the monitored environments, their communication activities and resource dependencies and which also identifies and groups components that serve the same purpose, like e.g. processes executing the same code. Activity related monitoring data is constantly monitored to identify abnormal operating conditions. Data describing abnormal operating condition is analyzed in combination with topology data to identify networks of causally related abnormal operating conditions. Causally related abnormal operating conditions are then grouped using known topological resource and same purpose dependencies. Identified groups are analyzed to determine their root cause relevance.