Viewing and Reporting False Positives
  • 02 Sep 2022
  • 1 Minute to read
  • Dark

Viewing and Reporting False Positives

  • Dark

Follow these steps to access the Observations/False Positives card on an Indicator’s Details screen, which is where you can view and report false positives for the Indicator:

  1. Navigate to an Indicator’s Details screen (Figure 1). For instructions on accessing an Indicator’s Details screen, see the “Viewing the Details Screen” section of The Details Screen.

    Graphical user interface  Description automatically generated


  2. Scroll down to the Observations/False Positives card on the right side of the screen (Figure 2), which includes three items regarding false positives:
    • Report False Positive checkbox: Select this checkbox to report the Indicator as a false positive.
    • False Positives Reported: The number of times the Indicator has been reported as a false positive.
    • Last Reported: The most recent date when the Indicator was reported as a false positive.
    Graphical user interface, application  Description automatically generated


  3. Select the Report False Positive checkbox. An updated false-positive count and a View Details link will be displayed next to False Positives Reported, and the current date will be displayed next to Last Reported (Figure 3).

    Graphical user interface, text, application  Description automatically generated


  4. Click the View Details link to display the False Positive List window, which provides a list of users who reported false positives and the dates on which the false positives were reported (Figure 4). If desired, click Delete Icon  Description automatically generatedto delete a false-positive report.

    Graphical user interface, table  Description automatically generated with medium confidence


Standard Users can report false positives and view the date on which they were reported; Read Only Users can only view the date on which false positives were reported. Full names of users who reported false positives will be displayed only for users in the same Organization or for users who have a role that allows the viewing of System accounts (e.g., Administrator, Accounts Administrator, or Community Leader). Users who can view the full names of users who have reported false positives may also delete false-positive reports if their Organization role is Standard User, Sharing User, or Organization Administrator.

ThreatConnect® is a registered trademark of ThreatConnect, Inc.

20047-02 v.08.A

Was this article helpful?