check-duplicates
Check for duplicate or similar cases. Use before deep analysis to avoid investigating the same incident twice. Takes a CASE_ID and returns list of similar cases.
Best use case
check-duplicates is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Check for duplicate or similar cases. Use before deep analysis to avoid investigating the same incident twice. Takes a CASE_ID and returns list of similar cases.
Teams using check-duplicates should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/check-duplicates/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How check-duplicates Compares
| Feature / Agent | check-duplicates | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Check for duplicate or similar cases. Use before deep analysis to avoid investigating the same incident twice. Takes a CASE_ID and returns list of similar cases.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Check Duplicates Skill
Identify potentially duplicate or similar existing cases before starting deep analysis.
## Inputs
- `CASE_ID` - The ID of the current case to check
- `ALERT_GROUP_IDENTIFIERS` - Alert group identifiers for the case
- *(Optional)* `DAYS_BACK` - How many days to search back (default: 7)
- *(Optional)* `INCLUDE_OPEN` - Include open cases (default: true)
- *(Optional)* `INCLUDE_CLOSED` - Include closed cases (default: false)
## Workflow
### Step 1: Execute Similarity Check
```
secops-soar.siemplify_get_similar_cases(
case_id=CASE_ID,
alert_group_identifiers=ALERT_GROUP_IDENTIFIERS,
days_back=DAYS_BACK,
include_open_cases=INCLUDE_OPEN,
include_closed_cases=INCLUDE_CLOSED
)
```
### Step 2: Process Results
Extract the list of similar case IDs from the response.
## Outputs
| Output | Description |
|--------|-------------|
| `SIMILAR_CASE_IDS` | List of case IDs identified as potentially similar/duplicate |
| `SIMILARITY_CHECK_STATUS` | Success/failure status of the check |
## Usage Pattern
```
1. Check duplicates BEFORE enrichment
2. If duplicates found:
- Review similar case(s)
- If confirmed duplicate: close as duplicate
- If related but distinct: note correlation, continue
3. If no duplicates: proceed with analysis
```
## When Duplicates Are Found
If `SIMILAR_CASE_IDS` is not empty:
1. Document: "Closing as duplicate of [Similar Case ID]"
2. Close with:
- Reason: `NOT_MALICIOUS`
- Root cause: `Similar case is already under investigation`Related Skills
tpscheck-automation
Automate Tpscheck tasks via Rube MCP (Composio). Always search tools first for current schemas.
speckit-check
Run `specify check` to verify that Spec Kit required tools (git, claude, gemini, code, cursor-agent, windsurf, qwen, opencode, codex, shai, qoder, etc.) are installed and available; interpret results and suggest next steps. Use when the user says "check Spec Kit environment", "specify not working", or "slash commands not showing".
safety-checker
Identifies unsafe operations in Zig code including pointer casts, bounds checking, null pointer dereferences, and undefined behavior. Use when writing low-level code, reviewing safety-critical sections, or debugging crashes.
identitycheck-automation
Automate Identitycheck tasks via Rube MCP (Composio). Always search tools first for current schemas.
aget-check-evolution
Monitor .aget/evolution/ directory health. Validates file counts, naming conventions, disk usage, and returns health status with alerts on anomalies.
add-check
Add a new code quality check to CI, justfile, and pre-commit hooks. Use when adding linters, formatters, type checkers, or other code quality tools to the project.
security-validation-checklist
Guides security validation checklist: Signal protocol security, encryption standards, authentication patterns, data protection. Use when validating security, reviewing security implementations, or ensuring security compliance.
security-compliance-compliance-check
You are a compliance expert specializing in regulatory requirements for software systems including GDPR, HIPAA, SOC2, PCI-DSS, and other industry standards. Perform compliance audits and provide im...
security-checklist
Analyze a security checklist Excel file by interactively identifying the relevant sheet, countermeasure entries, and output column, then checking whether GitHub Enterprise supports each item using the customer-security-trust FAQ and past reference checklists.
Pentest Checklist
This skill should be used when the user asks to "plan a penetration test", "create a security assessment checklist", "prepare for penetration testing", "define pentest scope", "follow security testing best practices", or needs a structured methodology for penetration testing engagements.
owasp-mobile-security-checker
Analyze Flutter and mobile applications for OWASP Mobile Top 10 (2024) security compliance. Use this skill when performing security audits, vulnerability assessments, or compliance checks on mobile applications. Performs automated scans for hardcoded secrets, insecure storage, weak cryptography, network security issues, and provides detailed remediation guidance.
Dependency Health Check
Assess dependency health across CVE exposure, freshness, maintainer risk, and license compatibility