Describes the resolution reasons for incidents and alerts.
When an incident or alert is resolved, select the Resolution status and specify one of the following resolution reasons:
Resolution reason | Description |
|---|---|
Resolved - True Positive | The incident was correctly identified by Cortex XDR as a real threat, and the incident was successfully handled and resolved. NoteIncidents resolved as True Positive and False Positive help Cortex XDR to identify real threats in your environment by comparing future incidents and associated alerts to the resolved incidents. Therefore, the handling and scoring of future incidents is affected by these resolutions. |
Resolved - False Positive | The incident is not a real threat. NoteIncidents resolved as True Positive and False Positive help Cortex XDR to identify real threats in your environment by comparing future incidents and associated alerts to the resolved incidents. Therefore, the handling and scoring of future incidents is affected by these resolutions. |
Resolved - Security Testing | The incident is related to security testing or simulation activity such as a BAS, pentest, or red team activity. |
Resolved - Known Issue | The incident is related to an existing issue or an issue that is already being handled. |
Resolved - Duplicate Incident | The incident is a duplicate of another incident. |