Submit a revision about false positive malware in Cortex

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Submit a revision about false positive malware in Cortex

L0 Member

Hi,

Before in Traps Management Services, I was able to report a false positive hash to WildFire for revision.

How can I do that in Cortex ?

 

Thank you.

1 REPLY 1

L2 Linker

Hello @CJP-PALOALTO I find that if you open up the specific Incident, in the Key Artifacts area, there should be the file itself and then under the Threat Intelligence there is "WF Benign" or "WF Malicious" (for example) and near it an icon that allows you to click and present the Wildfire Report.  From there select the icon on the top right corner of the WF Analysis Report screen and should present workflow to "Report Verdict as Incorrect". (see screenshot for details)
Hope this helps and I didn't misunderstand what you are requesting.

  • 4849 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!