Clarify meaning of sighting as true positive

pull/74/head
Marcos Orallo 2017-11-29 18:11:09 +01:00 committed by GitHub
parent 274cade47e
commit 0f821e8296
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 4 additions and 4 deletions

@ -21,12 +21,12 @@ Sighting is applied to every attribute, under the column "Sightings", easily ide
![attribute](./figures/attributesighting.png) ![attribute](./figures/attributesighting.png)
These three values show respectively: These three values show respectively:
- The number of sighting on the attribute, in green. - The number of true positives detected with the attribute, in green. Malicious activity as described in the event.
- The number of times the attribute have been marked as false positive, in red. - The number of times the attribute has been marked as false positive, in red. Non-malicious activity or incorrect detection.
- The number of different expiration dates that have been affected on this attribute, in orange - The number of different expiration dates that have been affected on this attribute, in orange
Concerning the three icons: Concerning the three icons:
- The first one (Thumb up) allows to add a sighting on an attribute. - The first one (Thumb up) allows to add a sighting (true positive) on an attribute.
- The second one (Thumb down) allows to mark the attribute as a false positive. - The second one (Thumb down) allows to mark the attribute as a false positive.
- The third one (Tool) opens a popup for advanced sightings, showing sightings details and allowing different actions. - The third one (Tool) opens a popup for advanced sightings, showing sightings details and allowing different actions.
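Review bot: The two new definitions in the green and red bullets are appended as verbless fragments ("Malicious activity as described in the event." and "Non-malicious activity or incorrect detection."), so it is unclear whether they define the counter or the attribute. Folding each into its sentence would fix that, for example "The number of true positives detected with the attribute (malicious activity as described in the event), in green." The red bullet also merges two different cases, benign activity and an incorrect detection. If the thumb-down action does not distinguish them, say so explicitly, since an analyst deciding whether to keep alerting on the attribute would treat them differently. The thumb-up bullet now reads "add a sighting (true positive)" while the heading and column still use "sighting" for the feature as a whole, so one sentence stating that a plain sighting is counted as a true positive would keep the terminology consistent. The orange bullet was left as is: "expiration dates that have been affected on this attribute" is still hard to parse and lacks the closing period the other two bullets have.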
@ -60,4 +60,4 @@ Clicking on the tool will show sighting details for the whole event.
### Using sightings on an event (API) ### Using sightings on an event (API)
Please have a look at the [automation API](../automation/README.md#sightings-api) Please have a look at the [automation API](../automation/README.md#sightings-api)