check-duplicates

Check for duplicate or similar cases. Use before deep analysis to avoid investigating the same incident twice. Takes a CASE_ID and returns list of similar cases.

Quality

85%

Does it follow best practices?

Impact

Pending

No eval scenarios have been run

Securityby

Passed

No known issues

Check Duplicates Skill

Identify potentially duplicate or similar existing cases before starting deep analysis.

Inputs

CASE_ID - The ID of the current case to check
ALERT_GROUP_IDENTIFIERS - Alert group identifiers for the case
(Optional) DAYS_BACK - How many days to search back (default: 7)
(Optional) INCLUDE_OPEN - Include open cases (default: true)
(Optional) INCLUDE_CLOSED - Include closed cases (default: false)

Workflow

Step 1: Execute Similarity Check

secops-soar.siemplify_get_similar_cases(
    case_id=CASE_ID,
    alert_group_identifiers=ALERT_GROUP_IDENTIFIERS,
    days_back=DAYS_BACK,
    include_open_cases=INCLUDE_OPEN,
    include_closed_cases=INCLUDE_CLOSED
)

Step 2: Process Results

Extract the list of similar case IDs from the response.

Outputs

Output	Description
`SIMILAR_CASE_IDS`	List of case IDs identified as potentially similar/duplicate
`SIMILARITY_CHECK_STATUS`	Success/failure status of the check

Usage Pattern

1. Check duplicates BEFORE enrichment
2. If duplicates found:
   - Review similar case(s)
   - If confirmed duplicate: close as duplicate
   - If related but distinct: note correlation, continue
3. If no duplicates: proceed with analysis

When Duplicates Are Found

If SIMILAR_CASE_IDS is not empty:

Document: "Closing as duplicate of [Similar Case ID]"
Close with:
- Reason: NOT_MALICIOUS
- Root cause: Similar case is already under investigation

Repository: dandye/ai-runbooks
Commit: 4d132c7

Last updated: 16 days ago
Created: 16 days ago

Is this your skill?

If you maintain this skill, you can claim it as your own. Once claimed, you can manage eval scenarios, bundle related skills, attach documentation or rules, and ensure cross-agent compatibility.