Imperva Cyber Community

Expand all | Collapse all

How I reduce/stop the incident(s) that appear in Attack Analytics when I know that it's a False Positive?

  • 1.  How I reduce/stop the incident(s) that appear in Attack Analytics when I know that it's a False Positive?

    Posted 11-02-2021 15:40
    Hi,

    I want to stop the incidents that keep appearing in AA which I already know is a False Positive or rather a legitimate activity.

    Does adding those events in the incident as exceptions solve this problem? I don't want to waste my time daily acknowledging the incidents which I already know are legitimate activities.

    Please if there is any other way of stopping these alerts from appearing?

    Regards
    Shrinik
    #AttackAnalytics

    ------------------------------
    Shrinik Srinivasa
    Security Analyst
    PageUp
    Melbourne, Australia
    ------------------------------


  • 2.  RE: How I reduce/stop the incident(s) that appear in Attack Analytics when I know that it's a False Positive?

    Posted 11-02-2021 22:40
    Any responses would be appreciated. Thanks

    ------------------------------
    Shrinik Srinivasa
    Security Analyst
    PageUp
    Melbourne, Australia
    ------------------------------



  • 3.  RE: How I reduce/stop the incident(s) that appear in Attack Analytics when I know that it's a False Positive?

    Posted 11-03-2021 21:49
    According to my practice, depending on whether the warning is sent from cloud WAF or ABP, I will make another exclusion.

    Naturally from the back end AA will never be seen again.

    ------------------------------
    CJ Kuo
    Technical manager
    NeiHu District
    ------------------------------