Has any of you tried to prepare a report or dashboard which will show you the number of false positive alerts? We want to reduce the number of incoming alerts and focus more on the real threats.
Hi Nadya,
It may be possible to use the investigation audit log for this. Decisions/changes to investigations are logged there, and you can use this audit data to build dashboards and reports. See the screenshot for a very basic example.
Seems to be a good query to use; from there you could build a pie or bar chart to see the percentage of benign events compared to malicious ones, for instance.
Not currently. There are audit logs in log search, but you can't perform calculations like this without writing some kind of script to programmatically query the data.