You can mark an alert as either a true positive or a false positive.

Use the Alert Details pane to provide a True Positive or False Positive alert determination for alerts.

By providing this feedback, analysts help train the model and improve the accuracy of the classification system over time. The system analyzes user feedback to refine its classification algorithm and becomes better at identifying threats in the future.

Note: By default, the determination is set to None.

Procedure

  1. On the left navigation pane, click Alerts.
  2. To view the details of an alert, do one of the following:
    • Double-click the alert.
    • Click the > to the right of the Actions column.

    [Figure: Alert Details pane showing anomaly classifications and the add determination option]

  3. Click True Positive or False Positive to provide alert determination feedback for the alert.
    Note: This feedback applies to the evaluation of the specific alert itself, not to the prediction output of the model. The feedback is still valuable for training the alert classification system, because the system performs inferences on the same input stream of alerts.