Recently we have added new functionality to reduce noise and increase the speed of processing new Broad Context Detections (BCD). An automated suppression mechanism now activates if any detection that is part of a BCD previously closed as a false positive repeats on more than 4 days within a 30-day period, or more than 5 times in a single day.
If a BCD was closed as False Positive but is later marked as Confirmed (based on new findings), all identical BCDs are automatically reopened. In that event the automated suppression mechanism is also deactivated for future detections, so nothing identical is auto-closed until an analyst closes it as a false positive again.
To summarize, when a BCD is determined to be a False Positive (in other words, not a valid issue), the analyst can change the status as follows:
Closed - False Positive: The BCD has been closed and is no longer monitored. The detection was not malicious.
This action can then activate the suppression mechanism once the criteria described above are met.
Furthermore, any later BCDs that are identical to one earlier closed as False Positive will be automatically closed as follows:
Closed - Auto False Positive: The BCD has been closed automatically as False Positive based on an earlier identical BCD that was closed as a false positive.
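The status transitions and suppression thresholds described above, as an added illustration in Python. This is not the product's own implementation; it assumes that "identical" BCDs share a key such as host + rule + command line, that a day is a UTC calendar date, and that the repeat which crosses a threshold is itself auto-closed. The BCD keys and timestamps in the scenarios are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Thresholds exactly as the text states them.
WINDOW = timedelta(days=30)
MAX_DISTINCT_DAYS = 4   # suppression activates on the 5th distinct day in the window
MAX_PER_DAY = 5         # ... or on the 6th repeat within one calendar day

OPEN = "Open"
CONFIRMED = "Confirmed"
CLOSED_FP = "Closed - False Positive"
CLOSED_AUTO_FP = "Closed - Auto False Positive"


class BcdTracker:
    """Minimal model of BCD statuses plus the automated suppression rules.

    Assumptions (illustrative, not from the page): two BCDs are 'identical'
    when they share the same key (e.g. host + rule + command line), and a
    'day' is a UTC calendar date.
    """

    def __init__(self):
        self.bcds = {}                      # id -> {"key", "status"}
        self.fp_keys = set()                # keys an analyst closed as FP
        self.suppressed = set()             # keys with suppression active
        self.repeats = defaultdict(list)    # key -> timestamps of repeats after FP close
        self._next_id = 1

    def ingest(self, key, ts):
        """Register a newly raised BCD and return (id, status)."""
        bcd_id = self._next_id
        self._next_id += 1
        status = OPEN
        if key in self.suppressed:
            status = CLOSED_AUTO_FP
        elif key in self.fp_keys:
            self.repeats[key].append(ts)
            if self._threshold_hit(key, ts):
                self.suppressed.add(key)
                status = CLOSED_AUTO_FP   # assumption: the triggering repeat is auto-closed too
        self.bcds[bcd_id] = {"key": key, "status": status}
        return bcd_id, status

    def _threshold_hit(self, key, now):
        # Only repeats inside the rolling 30-day window count.
        recent = [t for t in self.repeats[key] if now - t <= WINDOW]
        distinct_days = {t.date() for t in recent}
        same_day = sum(1 for t in recent if t.date() == now.date())
        return len(distinct_days) > MAX_DISTINCT_DAYS or same_day > MAX_PER_DAY

    def close_false_positive(self, bcd_id):
        """Analyst closes a BCD as False Positive; repeats of its key are now tracked."""
        bcd = self.bcds[bcd_id]
        bcd["status"] = CLOSED_FP
        self.fp_keys.add(bcd["key"])

    def confirm(self, bcd_id):
        """Analyst marks a BCD Confirmed: reopen identical closed BCDs, drop suppression."""
        bcd = self.bcds[bcd_id]
        bcd["status"] = CONFIRMED
        key = bcd["key"]
        self.fp_keys.discard(key)
        self.suppressed.discard(key)
        self.repeats.pop(key, None)
        reopened = []
        for other_id, other in self.bcds.items():
            if other_id != bcd_id and other["key"] == key \
                    and other["status"] in (CLOSED_FP, CLOSED_AUTO_FP):
                other["status"] = OPEN
                reopened.append(other_id)
        return reopened


def day(n, hour=0):
    """Constructed timestamp: n days (and an optional hour) after an arbitrary UTC epoch."""
    return datetime(2024, 1, 1, hour, tzinfo=timezone.utc) + timedelta(days=n)


KEY = "hostA|rule1|cmd"   # constructed identity key


def scenario_distinct_days():
    """Repeats on six consecutive days after an FP close: day 5 trips the >4-days rule."""
    t = BcdTracker()
    first, _ = t.ingest(KEY, day(0))
    t.close_false_positive(first)
    return [t.ingest(KEY, day(n))[1] for n in range(1, 7)]


def scenario_same_day():
    """Seven repeats within one day after an FP close: the 6th trips the >5-per-day rule."""
    t = BcdTracker()
    first, _ = t.ingest(KEY, day(0))
    t.close_false_positive(first)
    return [t.ingest(KEY, day(1, hour=h))[1] for h in range(1, 8)]


def scenario_window_expiry():
    """Four old repeats fall out of the 30-day window, so day 40 stays open."""
    t = BcdTracker()
    first, _ = t.ingest(KEY, day(0))
    t.close_false_positive(first)
    for n in range(1, 5):
        t.ingest(KEY, day(n))
    return t.ingest(KEY, day(40))[1]


def scenario_confirm():
    """Confirming an auto-closed BCD reopens identical closed ones and lifts suppression."""
    t = BcdTracker()
    first, _ = t.ingest(KEY, day(0))
    t.close_false_positive(first)
    last = None
    for n in range(1, 7):
        last, _ = t.ingest(KEY, day(n))
    reopened = t.confirm(last)
    return sorted(reopened), t.ingest(KEY, day(7))[1]
```

The window check is evaluated relative to the timestamp of each new repeat, so repeats older than 30 days stop contributing, which is why the fifth repeat in `scenario_window_expiry` does not activate suppression. The `confirm` path reopens only BCDs that were closed as False Positive or Auto False Positive; identical BCDs that were still open are left untouched.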