Removing indicators from false positives
On the Indicators page, you can remove indicators from false positives. To access this page, you need to switch to the Data management mode.
Indicators can be removed from false positives in the following ways:
- In the table with indicators
Here, you can remove either a single indicator or several indicators at once.
- On the page of a certain indicator
You can also manually remove indicators from the list of false positives.
To remove indicators from false positives in the table with indicators:
- Do either of the following:
- In the FP column of the table with indicators, click the
_new.svg)
(Click to remove the indicator from false positives.) icon for the required indicator. - In the table with indicators, select the check boxes next to the required indicators, and then click False positive → Remove indicators.
- In the FP column of the table with indicators, click the
- In the confirmation window that opens:
- If you want to remove indicator-related detections from false positives, keep the Remove related detections from false positives check box selected.
- Click the Remove button.
Confirmation of removing an indicator from false positives
The selected indicators are removed from false positives. If you selected this option, the related detections are also removed from false positives.
The indicators that are not marked as false positives are displayed with the _new.svg)
icon in the FP column of the indicators table.
To remove an indicator from false positives on the page of a certain indicator:
- In the table with indicators, click the value of the required indicator.
- Do either of the following:
- If the selected indicator is of several types, do one of the following:
- Click the False positive button, and then click Remove {{type}} from false positives, where {{type}} is the indicator type that you want to remove from false positives.
- Click the False positive button, and then click Remove all from false positives if you want to remove all indicator types from false positives.
- If the selected indicator has only one type, click Remove from false positives.
- If the selected indicator is of several types, do one of the following:
- In the confirmation window that opens:
- If you want to remove indicator-related detections from false positives, keep the Remove related detections from false positives check box selected.
- Click the Remove button.
The indicator is removed from false positives. If you selected this option, the related detections are also removed from false positives.
The indicators that are not marked as false positives are displayed with the icon in the FP column of the indicators table.