How do I Tune a
Malware Offense?
Step 1
Step 2
Step 3
If you determine that the malware activity is normal and STRM is creating false
positive offenses, you can tune STRM to make sure no more offenses are created
due to this activity.
To tune reconnaissance activity using the false positive function:
In the reconnaissance offense details interface, click
The List of Events appears for the selected offense.
Select the event with the source IP address known to be producing
reconnaissance activity.
Click
False Positive.
The False Positive window appears with information derived from the selected
event.
Category Offense Investigation Guide
How do I Tune a Malware Offense?
Events.
45