Managing false positives

April 11, 2024

ID 177992

This section explains how to manage the False Positives list on the Feeds tab. Make sure that the General tenant is selected from the drop-down list that has all available tenants, in the upper-left area of the window.

Managing the false positives list

To access the false positives list, click the Manage False Positives button in the Filtering rules for feeds section.

The False Positives window opens:

False positives section in CyberTrace.

False Positives list

You can edit the false positives list of indicators as follows:

  • Select the URL, Hash, or IP address tab to manage the group you want.

    On the URL tab, you can specify a URL containing the wildcard symbol * (for example, example.com/testpage/*, which will match URLs such as example.com/testpage/test1 and example.com/testpage/test/long_url).

    The * symbol in the URL is not used as a wildcard. The * just means the "asterisk."

    Kaspersky CyberTrace will apply normalization rules to any URL that you add on the URL tab and which is not yet contained in the indicator database. Thus, the representation of these URLs may change. For example, if you add a URL that contains a port, this port value will be removed. For instructions on how Kaspersky CyberTrace normalizes a URL, see section "URL normalization rules."

  • Every indicator must be on a separate line in the text box.

The false positives list is checked only after an incoming event has been matched against all the feeds. The main purpose of the false positives list is to enable Kaspersky CyberTrace to ignore detections for trusted indicators. If any feed produces a detection, but a given indicator is found in the false positives list, Kaspersky CyberTrace does not generate a detection event. In this case, on the Dashboard tab, in the Supplier statistics table, the value in the False positives column corresponding to the supplier that produced the detection is incremented by one. The values in the False positives column show how many false detections were produced by each supplier. For more information about the Dashboard, see section Kaspersky CyberTrace Dashboard.
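The evaluation order described above can be modelled in a few lines; this is an added illustration, not Kaspersky CyberTrace code or its API. The feed names, indicators and function names are constructed for the example. It also assumes that every supplier that matched gets its counter incremented, it models only the port-removal rule mentioned on this page, and it leaves wildcard entries out.

```python
import re
from collections import Counter

# Constructed sample data: supplier name -> indicators in that feed.
FEEDS = {
    "Feed A": {"198.51.100.7", "example.com/testpage/login"},
    "Feed B": {"example.com/testpage/login", "0123456789abcdef0123456789abcdef"},
}

def normalize_url(url):
    """Apply only the rule this page mentions: a port in the URL is removed."""
    return re.sub(r"^([^/:]+):\d+(?=/|$)", r"\1", url.strip())

def load_false_positives(text_box, is_url=False):
    """Parse the text box of one tab: one indicator per line."""
    lines = [ln.strip() for ln in text_box.splitlines() if ln.strip()]
    return {normalize_url(ln) if is_url else ln for ln in lines}

def process_event(indicator, false_positives, fp_stats):
    """Return the suppliers for which a detection event is generated."""
    # Step 1: the event is matched against all the feeds first.
    hits = [name for name, feed in FEEDS.items() if indicator in feed]
    # Step 2: only then is the false positives list checked.
    if hits and indicator in false_positives:
        # Assumption: each supplier that produced the match is counted once.
        for supplier in hits:
            fp_stats[supplier] += 1  # "False positives" column on the Dashboard
        return []                    # no detection event is generated
    return hits

if __name__ == "__main__":
    stats = Counter()
    # The entry is typed with a port; it is stored without it.
    fp = load_false_positives("example.com:8080/testpage/login\n", is_url=True)
    print(fp)
    print(process_event("example.com/testpage/login", fp, stats), dict(stats))
    print(process_event("198.51.100.7", fp, stats), dict(stats))
```

An indicator that is in the false positives list but in no feed changes nothing: the list is consulted only after a feed match, so the counters measure feed quality rather than list size.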

URL normalization rules

Any URLs added to the false positives list on the URL tab will be normalized according to the rules specified in section URL normalization rules.
