mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-15 15:34:56 +03:00
mukul975
629 B
629 B
Workflows - False Positive Reduction
Tuning Cycle
Identify Noisy Rules --> Analyze FP Root Causes --> Tune Rules -->
Validate with Testing --> Measure Improvement --> Report --> Repeat
FP Analysis Categorization
| Category | Action | Example |
|---|---|---|
| Known benign | Add to allowlist | Vulnerability scanner IPs |
| Threshold too low | Raise threshold | Login failure count from 5 to 20 |
| Missing context | Add correlation | PowerShell + network = suspicious |
| Missing enrichment | Add lookup | Asset criticality context |
| Rule outdated | Rewrite or retire | Legacy detection no longer relevant |