You can prevent false positive flows from creating offenses. You can tune false positive
flows from the flow list or flow details page.
About this task
You must have appropriate permissions for creating customized rules to tune false
positives.
Procedure
-
Click the Network Activity tab.
-
Optional. If you are viewing flows in streaming mode, click
the Pause icon to pause streaming.
-
Select the flow that you want to tune.
-
Click False Positive.
-
In the Event/Flow Property pane on the False Positive page, select one of
the following options:
- Event/Flow(s) with a specific QID of <Event>
- Any Event/Flow(s) with a low-level category of <Event>
- Any Event/Flow(s) with a high-level category of <Event>
-
In the Traffic Direction pane, select one of the following
options:
- <Source IP Address> to <Destination IP Address>
- <Source IP Address> to any Destination
- Any Source to <Destination IP Address>
- Any Source to any Destination
-
Click Tune.