Im new to secops needed a clarification that if we are using qradar offenses connector and fetching the offences, then on what filters it fetches the offenses as it creates duplicate case for same offense multiple times if new events are added to that offense on SIEM even though the previous case wasn't closed yet. How can we avoid this. I need to only fetch unique offenses each time and once the case with same offense is closed then only new case should be created if in case any new events are appended to previous offense.
Kindly Help me to configure this!