Hi Team,
When email alert forwarding is enabled on both the customer level and the SOP level (with two different email addresses configured), the same alert is sent multiple times.
This causes duplicate tickets on the SOP end and unnecessary noise in downstream systems.
Use Case / Example:
- Email alert forwarding is active for an individual customer.
- The same forwarding is also active at the SOP level with a different recipient address.
- The intention behind this setup is to make sure no alert is missed - if customer-level forwarding is not configured or accidentally left empty, SOP-level forwarding ensures that critical notifications are still sent.
- However, if both levels are active at the same time, an alert generated under the customer level is forwarded both directly (customer rule) and indirectly (SOP rule).
- Because the system does not currently perform deduplication, recipients end up receiving two separate emails about the exact same alert.
Requested Improvement:
Introduce a deduplication mechanism for email forwarding:
- Forwarding begins at the lowest level (customer).
- Recipients are stored in a "notified list."
- When forwarding from higher levels (SOP or global), the system checks against this list.
- If the recipient has already received the alert → do not send again.
- If not → send and update the list.
Benefits:
- Prevents redundant alerts when both customer and SOP forwarding are enabled.
- Ensures that at least one alert notification is always sent (avoiding the risk of missed incidents - the original reason for SOP-level forwarding).
- Reduces noise and improves operational clarity.
Impact:
This improvement would significantly enhance the usability of email alert forwarding in WithSecure Portal for SOP-based setups. It ensures alerts are always delivered but never duplicated, reduces duplicate tickets on the SOP end, and improves overall alert handling efficiency.
Thanks in advance.
Piotr.
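
A sketch of the notified-list logic requested above, added here as an example; it is not WithSecure Portal code and not part of the original post. The level names, the `AlertForwarder` class, the alert ids and the addresses are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical forwarding levels, lowest first, as in the request above.
LEVELS = ("customer", "sop", "global")


def normalize(address: str) -> str:
    """Compare addresses case-insensitively and ignore stray whitespace."""
    return address.strip().lower()


@dataclass
class AlertForwarder:
    # rules[level] -> configured recipient addresses (may be empty or missing)
    rules: dict
    # notified[alert_id] -> set of normalized addresses already mailed
    notified: dict = field(default_factory=dict)
    outbox: list = field(default_factory=list)  # stands in for the mail sender

    def forward(self, alert_id: str) -> list:
        """Walk the levels lowest-first; mail each recipient at most once per alert."""
        seen = self.notified.setdefault(alert_id, set())
        sent = []
        for level in LEVELS:
            for address in self.rules.get(level, []):
                key = normalize(address)
                if not key or key in seen:
                    continue  # blank entry, or already notified at a lower level
                seen.add(key)
                sent.append((level, key))
        self.outbox.extend((alert_id, level, key) for level, key in sent)
        return sent


# Constructed sample configuration: one shared recipient, one SOP-only recipient.
forwarder = AlertForwarder(rules={
    "customer": ["soc@customer.example"],
    "sop": ["SOC@customer.example ", "tickets@sop.example"],
})
first = forwarder.forward("alert-1001")
# Re-processing the same alert sends nothing new.
repeat = forwarder.forward("alert-1001")

# Customer level left empty: the SOP rule still delivers the alert.
fallback = AlertForwarder(rules={"customer": [""], "sop": ["tickets@sop.example"]})
fallback_sent = fallback.forward("alert-1002")
```

The notified set is keyed by alert id and normalized address, so a recipient listed at several levels is mailed once, while a recipient that appears only at a higher level is still mailed.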