Working with false positives

Kaspersky CyberTrace allows you to mark indicators and the related detections as false positives, to view the false positive indicators and related detections on the graph, and to display or hide the false positives in the lists of indicators and detections and on the dashboard.

The false positives list is checked only after an incoming event has been matched against all the feeds. The main purpose of the false positives list is to enable Kaspersky CyberTrace to ignore detections for trusted indicators. If a feed produces a detection but the matched indicator is found in the false positives list, Kaspersky CyberTrace does not generate a detection alert.

If the same indicator is added to both the Internal TI list and the false positives list, it is not ignored.

In this section

Marking indicators as false positives

Removing indicators from false positives

Managing false positives

Viewing indicators and related detections marked as false positive on the graph

Filtering false positive indicators and detections

Displaying statistics about false positives on the dashboard
