Splunk Enterprise Security

Duplicate cases in SOAR

Joei
New Member

After pulling cases from ES to Phantom a certain label is assigned to the event , later it is automatically promoted to a case . 

i have created an playbook that assign labels to the promoted cases (based on the triggered splunk rule) and it works 99% of the times but sometimes i get 2 identical cases with different labels (the newly assign one and the one that is configured in the Splunk app).

has anyone encountered this issue before ? 


0 Karma
Get Updates on the Splunk Community!

Monitoring Postgres with OpenTelemetry

Behind every business-critical application, you’ll find databases. These behind-the-scenes stores power ...

Mastering Synthetic Browser Testing: Pro Tips to Keep Your Web App Running Smoothly

To start, if you're new to synthetic monitoring, I recommend exploring this synthetic monitoring overview. In ...

Splunk Edge Processor | Popular Use Cases to Get Started with Edge Processor

Splunk Edge Processor offers more efficient, flexible data transformation – helping you reduce noise, control ...