Skip to main content
Panther Knowledge Base

How does Panther handle alert deduplication if rules share the same dedup string and dedup period?

  1. Last updated
  2. Save as PDF

QUESTION

If I have two different analysis rules that produce the same dedup string value and this happens within a DedupPeriodMinutes, will this result in only one alert being generated or two separate alerts?

ANSWER

Two separate but identical rules that share the same dedup string value, within the same dedup period, will produce two separate alerts. 

The deduplication functionality corresponds to each separate rule. 

  1. Back to top
  • Was this article helpful?

Recommended articles

  1. Page type
    Topic
  2. Tags
    This page has no tags.