Contents x
False Positives Overview
  • 18 Mar 2024
  • 1 Minute to read
  • Print
  • Dark
    Light
Contents

False Positives Overview

  • Updated on 18 Mar 2024
  • 1 Minute to read
  • Print
  • Dark
    Light
Article Summary

Overview

A false positive refers to an Indicator that has been erroneously classified as malicious. ThreatConnect® allows users to report false positives, although this feature is limited to once a day per Indicator per user; thus, different users may report the same Indicator once on the same day. The status of the Event Group can also be set to “False Positive,” and, if desired, all Indicators associated to the Event can be marked as false positives.

Before You Start

Minimum Role(s)
  • Organization role of Read Only User (for viewing false-positive counts and dates on which false positives were reported) 
  • Organization role of Standard User (for reporting false positives) 
  • Organization role of Organization Administrator (for enabling data from API users to be included in the observations and false-positive counts)
PrerequisitesAn Indicator or Event Group

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20047-01 v.08.A

Was this article helpful?
Related articles
What's Next
Company
Sales and Support
Follow Us
© 2012–2023 ThreatConnect, Inc. All Rights Reserved.