Incident Response: 5 Steps to Prevent False Positives

I published an article on the IBM Security Intelligence blog : Incident Response: 5 Steps to Prevent False Positives. The article describes how false positives look like and how they can interfere with your incident response and threat intelligence processes.

I propose 5 steps to prevent false positives, including

  • Prevent false positives from being added to threat intel report
  • Notify analysts on likelihood of false positives in threat intel reports
  • Report sightings, observables and false positives
  • Inform analysts about sightings
  • Disable the indicator to streamline cyber threat intel

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.