Pre-process Rules

Cortex XSOAR 6.x Tutorials

Product: Cortex XSOAR
Version: 6.x
Creation date: 2022-10-13
Last date published: 2023-06-05
Category: Tutorials

Pre-process rules enable you to perform actions on incidents directly from the user interface as soon as they are ingested into Cortex XSOAR.

For example, Cortex XDR includes file samples for testing the effectiveness of an agent. The alerts these samples generate usually contain "Test" in the alert name. Because such test alerts are generated only as checks, a pre-process rule can close them automatically to avoid server overload.

Note

The Cortex XDR Malware - Investigation And Response playbook runs the Dedup Generic - v4 sub-playbook to remove duplicate incidents, so we do not need to add any deduplication pre-process rules at this stage.