When a phishing mail is zapped, a new investigation with multiple alerts is created. One of them is an email and the others are email clusters.

What is the difference between Email cluster and Email?
And why do I need to approve all of the actions, when they are concerning a single email - or do I need to approve all of them in order to delete the email?