How do you “prove” that an alert is a false positive?
May 7, 2022, 10:47 a.m. | /u/iamthephantompain
cybersecurity www.reddit.com
What if your IDS has alerted you that X is happening on X device - how can you convince the business or client that this is a false positive?
If there are no other unusual IOCs (aka indicators of compromise), such as password resets, and no unusual activity in the logs, is this something that we could consider a false positive and close?