Data from two inline proxies (eg. ProxySG and Trustwaves) are added as datasources.
Can CloudSOC reconcile the data to ensure there is no duplicate entries for the same event?
• There is no reconciliation done in CASB Audit. It simply gathers the logs and forwards them to CloudSOC. SpanVA does not do any parsing of the logs that it collects. There is no way to prevent the duplicates at the SpanVA level. Once the data is received and processed by CloudSOC there isn't any way to prevent the duplicates either. The information in the logs will be seen as events from two different proxies whether they are the same event or not.
• CloudSOC can filter datasources so that the duplicates are not seen in a view (example below, switching between All datasources to a datasource > CloudSOC Audit > Summary > Select Sources).