Enrich and Deduplicate Events into Alerts using Workflows

After you set up your data ingestions, the next steps are:

  1. Enrich Events with Additional Data — In most cases, you will want to enrich your raw events with additional data. Enrichment provides more flexibility for correlating your alerts into meaningful incidents. Enrichment also makes your alerts more informative and readable.

  2. Event deduplication: how-to and best practices — In some cases, you might want to fine-tune the logic for deduplicating your events into alerts.