How CloudSOC processes duplicate data between two different datasources
search cancel

How CloudSOC processes duplicate data between two different datasources

book

Article ID: 176029

calendar_today

Updated On:

Products

CASB Security Standard CASB Security Premium CASB Security Advanced CASB Audit CASB Gateway CASB Gateway Advanced

Issue/Introduction

Data from two inline proxies (eg. ProxySG and Trustwaves) are added as datasources.

Can CloudSOC reconcile the data to ensure there is no duplicate entries for the same event?

Resolution

• There is no reconciliation done in CASB Audit. It simply gathers the logs and forwards them to CloudSOC.  SpanVA does not do any parsing of the logs that it collects.  There is no way to prevent the duplicates at the SpanVA level.  Once the data is received and processed by CloudSOC there isn't any way to prevent the duplicates either.  The information in the logs will be seen as events from two different proxies whether they are the same event or not. 

• CloudSOC can filter datasources so that the duplicates are not seen in a view (example below, switching between All datasources to a datasource > CloudSOC Audit > Summary > Select Sources). 

 

Powered by Wolken Software