Marking indicators as false positives
On the Indicators page, you can mark indicators as false positives. To access this page, you need to switch to the Data management mode.
Indicators can be marked as false positives in the following ways:
- In the table with indicators
Here, you can mark either a single indicator or several indicators at once.
- On the page of a certain indicator
You can also manually add indicators to the list of false positives.
To mark indicators as false positives:
- Do either of the following:
- In the FP column of the table with indicators, click the
_new.svg)
(Click to mark indicator as a false positive) icon for the required indicator. - In the table with indicators, select the check boxes next to the required indicators.
- In the table with indicators, click the value of the required indicator.
- In the FP column of the table with indicators, click the
- Do either of the following:
- If some of the selected indicators are of several types, do one of the following:
- Click the False positive button, and then click Mark {{type}} as false positives, where {{type}} is the indicator type that you want to mark as a false positive.
- Click the False positive button, and then click Mark all as false positives if you want to mark all indicator types as false positives.
- If none of the selected indicators have several types, click Mark indicators.
- If some of the selected indicators are of several types, do one of the following:
- In the confirmation window that opens:
- If you want to mark as false positives the detections related to the indicators, keep the Mark related detections as false positives check box selected.
- Click the Mark button.
Confirmation of marking an indicator as a false positive
The selected indicators are marked as false positives. If you selected this option, the related detections are also marked as false positives.
The indicators that are marked as false positives are displayed with the _new.svg)
icon in the FP column of the indicators table.