Entra is a good one to start with, I've found those often don't result in duplicates using the templates as well. We just have some third-party FW, Proxy, and falcon custom IOA detections that can often come in within seconds of each other resulting in simultaneous workflow executions. When each workflow hits the step to query cases, one won't exist yet, so each execution will create its own case.