Deduplication

Deduplication consolidates STIX Entities reported by multiple intelligence sources into single Unified Entities, streamlining threat analysis and reducing data noise within Intelligence Center. When multiple sources report on the same Threat Actor, Malware, Campaign, or other STIX Entity, Intelligence Center can automatically identify and unify these duplicate Entities based on configurable matching criteria.

Each Unified Entity aggregates properties from all contributing Entities, including descriptions, tags, techniques, and relationships. When sources provide conflicting information, the system applies configurable precedence rules—optionally prioritizing a designated Preferred source—to determine which properties to display in the Unified Entity.

Deduplication operates automatically on newly ingested data and can be executed manually on existing data, ensuring both ongoing and historical intelligence benefits from consolidation.

Deduplication does not delete any original data — all source information is preserved as contributing Entities, ensuring complete data retention and traceability, with the ability to examine individual contributing Entities and their original source data at any time.

• Configure deduplication
• Browse Unified Entities
• View Unified Entity Details