Duplication Rule SecOps level

AndreeaI
Tera Contributor

Hi everyone,

I’ve been assigned a task to investigate what Duplication Rules entail within the Security Operations (SecOps) module. Could someone please provide more insight into how Duplication Rules work in this context?

Is there any official training or documentation available that specifically covers this feature?

For context:

  • We do not have Email Parsing configured at this time.

  • Security Incidents are created either manually by analysts, submitted by users via the Self-Service Portal, or generated through automation.

Any advice, best practices, or references would be greatly appreciated!

Thank you in advance!

1 REPLY

Periyasamy P
Tera Guru

As you mentioned, this duplication rule is meant for email parsing, to identify duplicate incidents and take action. If needed, you can extend this feature and use it in other places as needed. You will need to maintain this if the baseline functionality is updated or changed.

The script include "sn_sec_cmn.Transformation" helps you run the duplication rule.