When a custom connector runs automatically and ingests the same alerts, cases, or events (alertInfo/caseInfo objects), does it recreate them or avoid duplication if the same event already exists in the SOAR system under a different case number? While a new test-run is performed it found that it creates a new one but I am curious about the behavior during automatic execution !
Handling Duplicate Alerts in SOAR with Enabled Connector
+5
+10During ETL (extract, transform, and load), duplicates are skipped, but only if you assign the same Alert Identifier repeatedly.
However, If you generate a new Alert Identifier each time, it won't be skipped.
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.