False Positives Overview
  • 18 Mar 2024
  • 1 Minute to read
  • Dark

False Positives Overview

  • Dark

Article Summary


A false positive refers to an Indicator that has been erroneously classified as malicious. ThreatConnect® allows users to report false positives, although this feature is limited to once a day per Indicator per user; thus, different users may report the same Indicator once on the same day. The status of the Event Group can also be set to “False Positive,” and, if desired, all Indicators associated to the Event can be marked as false positives.

Before You Start

Minimum Role(s)
  • Organization role of Read Only User (for viewing false-positive counts and dates on which false positives were reported) 
  • Organization role of Standard User (for reporting false positives) 
  • Organization role of Organization Administrator (for enabling data from API users to be included in the observations and false-positive counts)
PrerequisitesAn Indicator or Event Group

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20047-01 v.08.A

Was this article helpful?