Multiple alerts generated for the same event


Article ID: 228149


Products

CASB Security Premium, CASB Securlet SAAS With DLP-CDS, CASB Gateway, CASB Security Advanced, CASB Security Standard

Issue/Introduction

CloudSOC and DLP are sending multiple alerts for the same event.

Cause

The third-party SaaS application is sending multiple retries for the same event. For example, a login by a user may fail but be set to retry the same login 5 times over 10 seconds. These retries may be invisible to the user.

Resolution

When a SaaS application retries an event, CloudSOC and DLP generate an additional alert for each retry. Development has investigated this, and there is no way for CloudSOC or DLP to identify multiple retries as belonging to the same event.
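Since the retries cannot be told apart at the source, whoever consumes the alerts can only group them by timing downstream. The following is an added example, not code from CloudSOC or DLP: it collapses alerts with the same user, service and activity that arrive within 10 seconds of the first one (the figure from the login example above). The field names and sample alerts are constructed and are not the product's export schema.

```python
from datetime import datetime, timedelta

# Constructed sample alerts; field names are hypothetical, not a CloudSOC/DLP schema.
SAMPLE_ALERTS = [
    {"time": "2024-01-01T10:00:00", "user": "alice@example.com", "service": "ExampleSaaS", "activity": "Login"},
    {"time": "2024-01-01T10:00:02", "user": "alice@example.com", "service": "ExampleSaaS", "activity": "Login"},
    {"time": "2024-01-01T10:00:03", "user": "bob@example.com", "service": "ExampleSaaS", "activity": "Login"},
    {"time": "2024-01-01T10:00:04", "user": "alice@example.com", "service": "ExampleSaaS", "activity": "Login"},
    {"time": "2024-01-01T10:00:07", "user": "alice@example.com", "service": "ExampleSaaS", "activity": "Login"},
    {"time": "2024-01-01T10:00:09", "user": "alice@example.com", "service": "ExampleSaaS", "activity": "Login"},
    {"time": "2024-01-01T10:05:00", "user": "alice@example.com", "service": "ExampleSaaS", "activity": "Login"},
]


def collapse_retries(alerts, window_seconds=10,
                     key_fields=("user", "service", "activity")):
    """Group alerts that share key_fields and fall within window_seconds
    of the first alert in the group. This is a timing heuristic: it cannot
    prove that the grouped alerts were retries of one event."""
    window = timedelta(seconds=window_seconds)
    open_groups = {}   # key -> most recent group seen for that key
    groups = []        # all groups, in order of first appearance
    for alert in sorted(alerts, key=lambda a: datetime.fromisoformat(a["time"])):
        ts = datetime.fromisoformat(alert["time"])
        key = tuple(alert[f] for f in key_fields)
        group = open_groups.get(key)
        # The window is anchored at the first alert, so a sustained stream
        # of events starts a new group instead of merging indefinitely.
        if group is not None and ts - group["first_seen"] <= window:
            group["count"] += 1
            group["last_seen"] = ts
        else:
            group = {"key": key, "first_seen": ts, "last_seen": ts,
                     "count": 1, "first_alert": alert}
            open_groups[key] = group
            groups.append(group)
    return groups


if __name__ == "__main__":
    for g in collapse_retries(SAMPLE_ALERTS):
        print(g["key"], g["first_seen"].isoformat(), "x", g["count"])
```

Each group keeps its count and last-seen time, so a burst of distinct events that happens to match the window is still visible to the analyst instead of being silently dropped.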