How do I Tune an
Authentication
Offense?
Step 1
Step 2
Step 3
If you determine that the authentication activity is normal and STRM is creating
false positive offenses, you can tune STRM to make sure no more offenses are
created due to this activity.
To tune authentication activity using the false positive function:
In the offense details interface, click
The List of Events window appears.
Select the event that includes the known source IP address that is reported to
produce suspicious activity.
Click
False Positive.
The False Positive window appears with information derived from the selected
event.
Offense Category Investigation Guide
How do I Tune an Authentication Offense?
Events.
21