I’ve noticed that accounts created from ISC are not getting unlinked or uncorrelated when the correlation configuration changes. This has been quite frustrating, and I wanted to check if there’s a way to automate the unlinking process when correlation conditions are updated.
For example, during the joiner process, if a new AD account is created and correlated based on employeeNumber, but later the employeeNumber in the target system changes, the next aggregation in ISC should ideally unlink the account. However, this isn’t happening.
Does anyone know why this is occurring and if there’s a way to resolve it? Any insights or solutions would be greatly appreciated.
For this, unoptimized aggregations need to be scheduled through API calls. Maybe a PowerShell script that triggers an unoptimized aggregation, or leverage workflows/native detection to detect the change.
This is the expected behavior by IDN. Only unoptimized aggregation can resolve this issue when the correlated value or logic changes, like @arjun_sengupta mentioned. Unoptimized aggregation will reevaluate the correlated account. You can easily trigger an unoptimized aggregation from VSCode as well.
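
A sketch of the PowerShell approach suggested in the replies above, added here as an example and not taken from any poster or from SailPoint. It assumes PowerShell 7 (for `-Form`), a tenant at `<tenant>.api.identitynow.com`, API client credentials in the hypothetical environment variables `ISC_CLIENT_ID` and `ISC_CLIENT_SECRET`, and the beta `load-accounts` endpoint with its `disableOptimization` form field; confirm the path against your tenant's API version.

```powershell
# Added example: trigger an unoptimized account aggregation for one source.
# Tenant name and source ID are placeholders supplied by the caller.
param(
    [Parameter(Mandatory)] [string] $Tenant,    # tenant short name (placeholder)
    [Parameter(Mandatory)] [string] $SourceId   # ID of the source to aggregate (placeholder)
)

$ErrorActionPreference = 'Stop'
$base = "https://$Tenant.api.identitynow.com"

# Read the API credentials from the environment, never from the script body.
# ISC_CLIENT_ID / ISC_CLIENT_SECRET are variable names assumed for this example.
$clientId     = $env:ISC_CLIENT_ID
$clientSecret = $env:ISC_CLIENT_SECRET
if (-not $clientId -or -not $clientSecret) {
    throw 'Set ISC_CLIENT_ID and ISC_CLIENT_SECRET before running.'
}

# 1. OAuth client-credentials grant to obtain a bearer token.
$token = Invoke-RestMethod -Method Post -Uri "$base/oauth/token" -Body @{
    grant_type    = 'client_credentials'
    client_id     = $clientId
    client_secret = $clientSecret
}

# 2. Start the aggregation with optimization disabled, so every account is
#    reprocessed and correlation is re-evaluated (assumed endpoint, see lead-in).
$headers = @{ Authorization = "Bearer $($token.access_token)" }
$task = Invoke-RestMethod -Method Post `
    -Uri "$base/beta/sources/$SourceId/load-accounts" `
    -Headers $headers `
    -Form @{ disableOptimization = 'true' }

# 3. Print the returned task so a scheduler or log can record what was started.
$task | ConvertTo-Json -Depth 5
```

Run it from a scheduled job with a least-privileged API client, since an unoptimized aggregation reprocesses every account on the source.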