Describes the resolution reasons for incidents and alerts.
When you resolve an incident or alert, you must also specify a resolution reason. The following table describes the resolution reasons available for selection.
Note
The displayed resolution reasons are domain specific. You can see the resolution reasons that are defined for a domain under → → → .

Resolution reason | Description |
---|---|
Resolved - True Positive | The incident was correctly identified by Cortex XSIAM as a real threat, and the incident was successfully handled and resolved. Note: Incidents resolved as True Positive and False Positive help Cortex XSIAM to identify real threats in your environment by comparing future incidents and associated alerts to the resolved incidents. Therefore, the handling and scoring of future incidents are affected by these resolutions. |
Resolved - False Positive | The incident is not a real threat. Note: Incidents resolved as True Positive and False Positive help Cortex XSIAM to identify real threats in your environment by comparing future incidents and associated alerts to the resolved incidents. Therefore, the handling and scoring of future incidents are affected by these resolutions. |
Resolved - Security Testing | The incident is related to security testing or simulation activity such as a BAS, pentest, or red team activity. |
Resolved - Known Issue | The incident is related to an existing issue or an issue that is already being handled. |
Resolved - Duplicate Incident | The incident is a duplicate of another incident. |
If you created a custom resolution, it is also available for selection.