ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Multiple alerts generated for the same event

book

Article ID: 228149

calendar_today

Updated On:

Products

CASB Security Premium CASB Securlet SAAS With DLP-CDS CASB Gateway

Issue/Introduction

CloudSOC and DLP are sending multiple alerts for the same event.

Cause

The 3rd party SaaS is sending multiple retries for the same event.  For example, a login by a user may fail but be set to retry the same login 5 times over 10 seconds.  These retries may be invisible to the user.

Resolution

When a SaaS retries an event, CloudSOC and DLP will generate an additional alerts on each retry.  This has been investigated by development and there is no way for CloudSOC or DLP to identify multiple retries as belonging to the same event.