Kaspersky CyberTrace allows you to mark indicators and the related detections as false positives, as well as to display or hide the statistics of false positives on the Dashboard page.
Marking indicators as false positives
You can mark indicators as false positive in the following ways:
To mark indicators as false positives on the Indicators page:
Along with the indicators, you can mark the related detections as false positives by selecting the corresponding checkbox. This checkbox is selected by default.
Marking indicators as false positives
The indicators marked as false positives are displayed with the icon in the FP column of the indicators table.
To mark an indicator as a false positive on the page of a certain indicator:
The indicator is now marked as false positive.
Removing indicators from false positives
You can remove indicators from false positives in the following ways:
To remove indicators from false positives on the Indicators page:
Along with the indicators, you can remove the related detections from false positives by selecting the corresponding checkbox. This checkbox is selected by default.
Removing indicators from false positives
The indicators that are not marked as false positives are displayed with the icon in the FP column of the indicators table.
To remove an indicator from false positives on the page of a certain indicator:
The indicator is now not marked as false positive.
Viewing indicators and related detections marked as false positive on the graph
To view on the graph whether the indicator or the related detection is marked or not marked as false positive:
A side panel opens on the right, containing detailed information about the node.
An indicator marked as false positive will have Yes.
An indicator not marked as false positive will have No.
False positives info on graph
Graphically, false positive indicators and the related false positive detections are different from ordinary indicators and detections, and are displayed as shown in the figure below:
False positives graphical view on graph
Filtering false positives on the Indicators page
To filter false positives to be displayed on the Indicators page:
The indicators you have selected are now displayed on the page.
Filtering false positives on the Detections page
To filter detections to be displayed on the Detections page:
The detections you have selected are now displayed on the page.
Displaying statistics about false positives on the Dashboard page
To display statistics about false positives on the Dashboard page, turn on the Show false positives toggle switch. The statistics on false positives will be displayed in the Statistics overview section, Supplier statistics section and its donut chart, and the Indicator statistics section and its donut chart.
Page top