Managing false positives

This section explains how to manage the False positives list on the Indicators page. To access this page, you need to switch to the Data management mode.

To manage the false positives list:

  1. Click the Manage false positives list button.

    The Manage false positives list window opens:

    Manage false positives list window in CyberTrace.

    Manage false positives list window

    This window displays indicators that you have marked as false positives and indicators that you have added manually, as described in this section.

  2. Select the URL, Hash, or IP address tab to manage the group you want.
  3. Add or remove indicators in the selected group, as required.

    On the URL tab, you can specify a URL containing the wildcard character * (for example, example.com/testpage/*, which will match URLs such as example.com/testpage/test1 and example.com/testpage/test/long_url).

    Kaspersky CyberTrace will apply URL normalization rules to any URL that you add and that is not yet contained in the indicator database. Thus, the representation of a URL may change. For example, if you add a URL that contains a port, the port value will be removed.

    Every indicator must be on a separate line in the text box.

  4. Click the Save button to save the changes.

The list of false positives is updated.

Page top