Why are there duplicate notifications for the same alert?

Created On 10/18/18 17:26 PM - Last Modified 06/29/22 21:23 PM


Symptom


An Evident Integration has been configured, and it occasionally generates duplicate notifications for the same alert.

Resolution


There are generally two situations that can produce "duplicate" alerts.

Send Alert Updates
If the configured Integration is Amazon SNS or Webhook, then it is possible for the same alert to generate multiple notifications. If the integration has the "Send Alert Updates" option enabled, then the Integration will generate a notification not only when the alert is created, but also whenever the alert is updated (e.g. metadata changed, alert ended). If you do not wish to receive notifications for alert updates, then please disable the "Send Alert Updates" option.

Alert Status Flip
In some cases, an alert's status may flip, causing a new alert to be created with exactly the same metadata as the previous alert. Since the metadata is identical, the new alert's notification would appear to be a duplicate. To verify, check the alert ID, a unique identifier, sent with the notification. If the alert ID is different, then the notifications are not actually duplicates. In this case, please investigate the AWS resource in question and see if any changes were made. If it is unclear why the alert's status flipped, please contact support at https://support.paloaltonetworks.com.
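
The two cases above can be told apart on the receiving side by tracking alert IDs. The following is an added example, not code from Evident or Palo Alto Networks; the payload field names (`alert_id`, `signature`, `resource`, `region`, `status`) are assumptions and must be mapped to the keys your integration actually sends.

```python
import hashlib
import json

# Hypothetical field names: adjust to the keys in your integration's payload.
ID_FIELD = "alert_id"
METADATA_FIELDS = ("signature", "resource", "region")


def fingerprint(note):
    """Stable hash of the metadata that makes two notifications look alike."""
    subset = {key: note.get(key) for key in METADATA_FIELDS}
    return hashlib.sha256(json.dumps(subset, sort_keys=True).encode()).hexdigest()


def classify(notifications):
    """Label each notification, in arrival order, as one of:
    'new'         - first notification for this alert ID and this metadata
    'update'      - alert ID already seen (the "Send Alert Updates" case)
    'status_flip' - unseen alert ID whose metadata matches an earlier alert
    """
    seen_ids = set()
    seen_fingerprints = set()
    labels = []
    for note in notifications:
        alert_id = note[ID_FIELD]
        fp = fingerprint(note)
        if alert_id in seen_ids:
            labels.append("update")
        elif fp in seen_fingerprints:
            labels.append("status_flip")
        else:
            labels.append("new")
        seen_ids.add(alert_id)
        seen_fingerprints.add(fp)
    return labels


# Constructed sample notifications (not real Evident output).
BASE = {"signature": "sig-a", "resource": "bucket-1", "region": "us-east-1"}
SAMPLE = [
    {**BASE, "alert_id": "1001", "status": "fail"},  # alert created
    {**BASE, "alert_id": "1001", "status": "pass"},  # same ID: alert update
    {**BASE, "alert_id": "1002", "status": "fail"},  # new ID, same metadata
    {**BASE, "alert_id": "1003", "status": "fail", "resource": "bucket-2"},
]

if __name__ == "__main__":
    for note, label in zip(SAMPLE, classify(SAMPLE)):
        print(note[ID_FIELD], label)
```

Notifications labelled `update` stop once "Send Alert Updates" is disabled; those labelled `status_flip` point to a resource whose state changed and is worth investigating.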

