Welcome › Forums › Investigate Workflows › Avoiding False Positive Incidents (Tag Whitelist)
- This topic is empty.
Viewing 1 post (of 1 total)
- AuthorPosts
- May 5, 2022 at 3:33 pm #3282Mike RiforgiateKeymaster
There may be some tools at may inaccurately identify certain conditions or events as an ALERT or an ALARM, when it should probably only be INFO.
If you find this to be the case, you can execute the following to help Precinct identify those false positives properly.
- Look at the artifact for the event and expand and identify the tags associated to it.
- Choose which tag(s) can be used to identify a benign event and copy the text.
- Paste the tag text into the Tag Whitelist section found in Admin > Settings > Artifact Tag Whitelist
- Submit the settings change at the bottom of the screen
NOTE: Since this action has the potential to ignore activities that may be actual threats, please ensure the events you intend to tag whitelist are, in fact, benign events.
- AuthorPosts
Viewing 1 post (of 1 total)
- You must be logged in to reply to this topic.