Hi, guys!

We are having some issues about the follow situation: The SIEM Team (QRadar SIEM) clean all offenses (Clean SIM Model function on QRadar SIEM) after a support with IBM Team to clean all ofenses.

Now, We are having problems when the Offense ID are the same which was responded in the past in another incident on QRadar SOAR.

SIEM are escalating with QRadar SOAR Plugin app, and receive a message when try to escalate the offense and create an new incident ID on SOAR:

"Success! Case was not created as matching incident already exists."

So, SIEM can update the incident, but not create a new incident, because when It tries, It founds the same Offense ID on SOAR, and to avoid conflict, It update the incident related to the Offense ID, but not create the incident.

How Can We solve this problem, and restart to respond the incidents creating new ones and avoid the offense ID number conflict?

Someone saw some like this?

Thank You!