Multiple alerts generated for the same event


Article ID: 228149


Updated On:


CASB Security Premium, CASB Securlet SAAS With DLP-CDS, CASB Gateway, CASB Security Advanced, CASB Security Standard


CloudSOC and DLP are sending multiple alerts for the same event.


The third-party SaaS application is sending multiple retries for the same event. For example, a login by a user may fail but be set to retry the same login 5 times over 10 seconds. These retries may be invisible to the user.


When a SaaS retries an event, CloudSOC and DLP will generate additional alerts on each retry.  This has been investigated by development, and there is no way for CloudSOC or DLP to identify multiple retries belonging to the same event.
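
Because the products cannot correlate retries, a consumer of the alerts (a SIEM rule or export script) can collapse them downstream. The following is an added example, not part of the original article or any vendor code: the field names and sample alerts are constructed assumptions, and the 10-second window comes from the login example above.

```python
from datetime import datetime, timedelta

# Fields that must match for alerts to be treated as retries of one event.
# These names are assumptions, not the CloudSOC or DLP export schema.
KEY_FIELDS = ("user", "service", "activity", "policy")

def _alert(ts, user, activity, policy):
    return {"ts": ts, "user": user, "service": "ExampleSaaS",
            "activity": activity, "policy": policy}

# Constructed sample: five login retries over 8 seconds, one unrelated
# DLP alert, and a later login failure that is a separate event.
SAMPLE_ALERTS = (
    [_alert("2024-01-01T10:00:0%d" % s, "alice@example.com",
            "Login", "Failed login") for s in (0, 2, 4, 6, 8)]
    + [_alert("2024-01-01T10:00:03", "bob@example.com",
              "Upload", "DLP: card numbers"),
       _alert("2024-01-01T10:05:00", "alice@example.com",
              "Login", "Failed login")]
)

def collapse_retries(alerts, window_seconds=10):
    """Group alerts with identical KEY_FIELDS that arrive within
    window_seconds of the first alert in their group."""
    window = timedelta(seconds=window_seconds)
    parsed = sorted(((datetime.fromisoformat(a["ts"]), a) for a in alerts),
                    key=lambda pair: pair[0])
    open_groups = {}   # key -> most recent group for that key
    groups = []        # all groups, in order of first appearance
    for ts, alert in parsed:
        key = tuple(alert[f] for f in KEY_FIELDS)
        group = open_groups.get(key)
        # The window is anchored at the first alert, so a sustained
        # stream is split into several groups instead of one endless one.
        if group is not None and ts - group["first_seen"] <= window:
            group["count"] += 1
            group["last_seen"] = ts
        else:
            group = {"key": key, "first_seen": ts, "last_seen": ts, "count": 1}
            open_groups[key] = group
            groups.append(group)
    return groups

if __name__ == "__main__":
    for g in collapse_retries(SAMPLE_ALERTS):
        print(g["first_seen"].isoformat(), g["count"], g["key"])
```

Each group keeps its count and first and last timestamps, so a genuine burst of repeated failures stays visible after grouping.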