From the course: Microsoft Azure: Security Monitoring and Threat Detection
How does XDR handle false positives? - Azure Tutorial
How does XDR handle false positives?
- [Instructor] Here we will discuss how XDR handles false positives in different ways, and also the different solutions it works with to report the false positive. First of all, these options are reporting the false positive or negative to Microsoft. So you can use any of the solutions, like your Microsoft Sentinel data loss prevention service in the Microsoft 365 Defender portal, or Microsoft Defender for Endpoint. Any of the solutions can be used to report a false positive or negative to Microsoft. Perhaps if automated investigation and response capabilities in Microsoft Defender, which is the XDR, missed or wrongly detected something, the security operations team can report a false positive or negative to Microsoft for analysis. Another way it handles false positives is by adjusting the alerts. The security operations team can adjust alerts to prevent false positives from recurring. For example, if an alert is triggered by a legitimate user, or if an alert is inaccurate, it can be managed…