De-duplicate incidents either manually or automatically in Cortex XSOAR. Mark as duplicate using pre-process rules or playbooks.
In the lifecycle of incident management, there are cases when incidents are duplicated. Cortex XSOAR provides the following de-duplication capabilities:
Manual De-Duplication: You can manually de-duplicate incidents from the Incidents page. To de-duplicate incidents manually, see De-Duplicate Incidents Manually.
Scripts: You can create a script that creates child incidents from duplicates.
Playbooks: Identify, review or close duplicate incidents using playbooks.
There are several out-of-the-box playbooks you can run to identify and close duplicate incidents. Alternatively, you can use these playbooks as the basis for customized de-duplication playbooks. For example, instead of automatically closing the duplicate incidents, include a manual review of the duplicate incidents.