Describes the resolution reasons for cases and issues.
When you resolve a case or issue, you must also specify a resolution reason. The following table describes the resolution reasons for selection.
Note
The displayed resolution reasons are domain-specific. You can see the resolution reasons that are defined for a domain under → → → .
Resolution reason | Description |
|---|---|
Resolved - True Positive | The case or issue was correctly identified by Cortex XSIAM as a real threat, and the case was successfully handled and resolved. NoteCases and issues resolved as True Positive and False Positive help Cortex XSIAM to identify real threats in your environment by comparing future cases and associated issues to the resolved cases. Therefore, the handling and scoring of future cases is affected by these resolutions. |
Resolved - False Positive | The case or issue is not a real threat. NoteCases and issues resolved as True Positive and False Positive help Cortex XSIAM to identify real threats in your environment by comparing future cases and associated issues to the resolved cases. Therefore, the handling and scoring of future cases is affected by these resolutions. |
Resolved - Security Testing | The case or issue is related to security testing or simulation activity, such as a BAS, pentest, or red team activity. |
Resolved - Known Issue | The case or issue is related to an existing issue or an issue that is already being handled. |
Resolved - Duplicate Case | The case or issue is a duplicate of another case. |
Resolved - Risk Accepted | The case or issue is related to a known mitigation or impact. |
If you created a custom resolution, it is also available for selection.