Advance Threat Protection (ATP) sends duplicate events to Splunk server.