Idea ID: 2873371

Duplicated event ingestion from Check Point IDS/IPS

Status: New Idea

Hi Team,

One of our customers reports that duplicated events are ingested from Check Point IDS/IPS with the syslog type; these events don't ingest in a random time manner.

For example, the time range varied, such as 5 mins, 1 hour or 3 hours, etc.

This caused duplicated correlation events to be fired, depending on how base events were ingested from CP IDS/IPS, and SOC analysts verified whether correlation events were duplicated or not, so it doesn't seem to be an effective work process.

I would like to ask whether a feature enhancement for these issues would be possible.

For example, the SmartConnector would be able to filter out these duplicated events when ingesting events.

I would appreciate it if you could provide any helpful information or consider a feature enhancement.

Thank you.

Labels:

Connectors
ESM