Hi Jack,

Good to see you here. Would it help if you can introduce a signature
for every event and then try to filter based on the signature? A duplicate
message might be related to the source or the at-least-once guarantee of Storm.

Cheers,
Ali

On Fri, Feb 23, 2018 at 3:14 PM, Jack Burgess <j.burgess.m...@gmail.com>
wrote:

> Long time listener, first time caller.
>
> There is a case where a packet reaches multiple sensors through normal
> configuration and is logged multiple times.
>
> Understanding which sensors are operating and which network routes are up
> is useful from a data science / threat hunting perspective. From an analyst
> perspective these duplicate alerts are mostly clutter.
>
> Is there a simple way to toggle out these duplicate alerts in the Alert UI?
>
> -Jack
>



-- 
A.Nazemian
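
The signature-and-filter idea suggested in the reply above, as an added sketch that is not code from this thread or from the project: hash only the sensor-independent fields of each alert, collapse copies that arrive within a short window, and keep a list of the sensors that saw the packet so the threat-hunting view is not lost. The field names (`ip_src_addr`, `rule_id`, `sensor`, `timestamp` in milliseconds) and the one-second window are assumptions; the sample alerts are constructed.

```python
import hashlib
import json

# Assumed fields that identify the packet/alert itself, not the sensor that logged it.
SIGNATURE_FIELDS = ("ip_src_addr", "ip_src_port", "ip_dst_addr",
                    "ip_dst_port", "protocol", "rule_id")


def event_signature(event):
    """Hash the sensor-independent fields so one packet seen twice gets one signature."""
    material = json.dumps([event.get(f) for f in SIGNATURE_FIELDS], separators=(",", ":"))
    return hashlib.sha256(material.encode("utf-8")).hexdigest()


def collapse_duplicates(events, window_ms=1000):
    """Keep the first alert per signature; copies within window_ms of that kept
    alert only add their sensor to its 'seen_by' list."""
    kept = []
    latest = {}  # signature -> most recently kept alert carrying it
    for event in sorted(events, key=lambda e: e["timestamp"]):
        sig = event_signature(event)
        head = latest.get(sig)
        if head is not None and event["timestamp"] - head["timestamp"] <= window_ms:
            if event["sensor"] not in head["seen_by"]:
                head["seen_by"].append(event["sensor"])
            continue  # duplicate: another sensor, or a replayed tuple
        head = dict(event, signature=sig, seen_by=[event["sensor"]])
        latest[sig] = head
        kept.append(head)
    return kept


# Constructed sample alerts (not real data).
FLOW_A = {"ip_src_addr": "10.0.0.5", "ip_src_port": 44321, "ip_dst_addr": "192.0.2.10",
          "ip_dst_port": 443, "protocol": "tcp", "rule_id": 2001}
FLOW_B = dict(FLOW_A, ip_src_addr="10.0.0.7")
SAMPLE = [
    dict(FLOW_A, sensor="edge-1", timestamp=1000),
    dict(FLOW_A, sensor="core-2", timestamp=1003),  # same packet, second sensor
    dict(FLOW_A, sensor="edge-1", timestamp=1000),  # replayed copy (at-least-once delivery)
    dict(FLOW_B, sensor="edge-1", timestamp=1500),  # different flow, must survive
    dict(FLOW_A, sensor="core-2", timestamp=9000),  # same flow, outside the window
]

if __name__ == "__main__":
    for alert in collapse_duplicates(SAMPLE):
        print(alert["timestamp"], alert["signature"][:12], alert["seen_by"])
```

The window should stay small: a wide one would hide a genuinely repeated alert on the same flow behind the first occurrence.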
