
Multiple alerts generated for the same event


Article ID: 228149


Updated On:


CASB Security Premium, CASB Securlet SAAS With DLP-CDS, CASB Gateway


CloudSOC and DLP are sending multiple alerts for the same event.


The third-party SaaS is sending multiple retries for the same event. For example, a login by a user may fail but be set to retry the same login 5 times over 10 seconds. These retries may be invisible to the user.


When a SaaS retries an event, CloudSOC and DLP generate an additional alert on each retry. Development has investigated this, and there is no way for CloudSOC or DLP to identify multiple retries as belonging to the same event.