Concord engine vocabulary
Semantic Alert Dedup
Collapses alerts that describe the same incident across different tools into one narrative, using calibrated identity, not string matching.
Definition
Semantic Alert Dedup is the surface in Concord by IaxaI that uses entity resolution and the knowledge graph to collapse multi-tool alert noise into incident narratives. A phishing alert in CrowdStrike, a suspicious login in Okta, and a firewall block in Palo Alto that all describe the same actor in the same window are not three alerts. They are one story. Dedup walks the knowledge graph from each alert's seed entities (IP, user, host, hash) and uses the calibrated entity resolver to decide whether two alerts share an actor with high enough confidence to merge. Matches above the auto-merge threshold collapse silently. Matches in the middle band surface a proposed merge for analyst review. Matches below the floor stay separate. The result is an alert volume that drops by an order of magnitude without losing signal, and analysts who finally see one timeline per incident instead of three queues.
See also
Related capabilities and terms
Calibrated Identity
Entity resolution with a coverage-guaranteed prediction set. Concord tells you when it doesn't know, instead of guessing.
Knowledge Graph (retrieval)
A dense-sparse graph of entities, events, and triples queried through tiered retrieval with embedding similarity and Personalized PageRank.
SOC Analyst
The persona doing the daily work: triaging alerts, running investigations, writing detections. The MSSP variant works across many tenants from one console.
SIEM
Security Information and Event Management. The log-aggregation and rules platform every security practice runs. Concord by IaxaI sits above the SIEM, not next to it.
Stop reconciling. Start trusting one timeline.
30-minute walkthrough. Your tools. Your tenants. Your audit cycle. We will show you exactly where Concord earns its keep.