Hi Team,
One of our customers reports that duplicated events are ingested from Check Point IDS/IPS with syslog type; these events don't ingest in a random time manner.
For example, the time range varied, such as 5 mins, 1 hour or 3 hours, etc.
This caused duplicated correlation events to be fired, depending on how base events were ingested from CP IDS/IPS, and
SOC analysts verified whether correlation events were duplicated or not, so it doesn't seem to be an effective work process.
I would like to ask whether a feature enhancement for these issues would be possible.
For example, the Smart connector would be able to filter out these duplicated events when ingesting events.
I would appreciate it if you could provide any helpful information or consider a feature enhancement.
Thank you.