Options for auto-close

Configure your auto-close setup: add custom tag, change vs. preserve incident severity, run indefinitely vs. timebound, past vs. future


With Seculyze, our ML/AI algorithm provides dynamic and ongoing classification of each incoming alert. Through our Tuning feature, you have the option to auto-close alerts of certain types that are classified as False Positives. This approach means you do not need to change and manage rules every time your environment changes; even if Sentinel or Defender changes, you don't have to. You get:

  • Streamlined Workflow

  • Severity Alignment

  • Reduced System Noise

  • Comprehensive Coverage

Seculyze allows you to define several auto-close options, so you can treat the False Positives we find in a way that suits your environment and team. By making informed choices in these options, your organization can enjoy a more efficient, focused, and proactive security operation, saving both time and resources.

Let's go over each option.

Tag: Use Default and Add Custom Tag

This option determines whether auto-closed incidents receive only the default "Auto-closed by Seculyze" tag or an additional custom tag of your choosing for the False Positives we find. A custom tag lets you monitor each Alert Type's behaviour to your liking, so you can always follow what historically happened with your incidents.

For the sake of accuracy and historical tracking, the default tag "Auto-closed by Seculyze" is always applied, even if you add a custom tag.


Severity Level: Preserve or Modify

Seculyze allows you to change the Sentinel/Defender severity level of the False Positives we auto-close. Auto-closing False Positives can affect workflow and documentation practices, and adjusting them to the appropriate severity level within the auto-close feature can keep the focus on critical issues and streamline documentation.

Duration: Indefinite or Fixed Term

Choosing between having auto-close run indefinitely or for a set number of days provides operational flexibility. An indefinite auto-close schedule is ideal for most Alert Types, while a fixed term can be useful for temporary campaigns or in response to specific threats.

Scope: Past + Future or Future Only

Deciding whether to auto-close both past and future False Positive incidents, or only future ones, allows for retrospective analysis as well as the strengthening of future defenses. Including past incidents ensures that all relevant incidents are addressed, enhancing overall security posture.
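To make the interaction between the four options concrete, here is an added example that models an auto-close policy and applies it to a handful of incidents. This is illustrative code written for this article, not Seculyze's own implementation or API; the incident records, alert type names, timestamps and the `AutoClosePolicy` field names are constructed for the example. The only value taken from the page is the default tag text "Auto-closed by Seculyze". The example shows the semantics described above: the default tag is always applied even with a custom tag, severity is preserved unless an override is set, a fixed term stops auto-closing once it expires, and the "future only" scope skips incidents created before the policy was enabled.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# Tag named on the page; applied to every auto-closed incident regardless of custom tag.
DEFAULT_TAG = "Auto-closed by Seculyze"


@dataclass
class Incident:
    """Minimal incident record (constructed for the example, not a Sentinel/Defender schema)."""
    id: str
    alert_type: str
    classification: str          # "False Positive" or "True Positive" (constructed labels)
    severity: str
    created_at: datetime
    status: str = "Open"
    tags: List[str] = field(default_factory=list)


@dataclass
class AutoClosePolicy:
    """One auto-close configuration for a single alert type (hypothetical model)."""
    alert_type: str
    enabled_at: datetime
    custom_tag: Optional[str] = None      # Tag option: None = default tag only
    new_severity: Optional[str] = None    # Severity option: None = preserve
    term_days: Optional[int] = None       # Duration option: None = indefinite
    include_past: bool = True             # Scope option: False = future only

    def active_at(self, now: datetime) -> bool:
        """Indefinite policies never expire; fixed-term ones stop after term_days."""
        if self.term_days is None:
            return True
        return now < self.enabled_at + timedelta(days=self.term_days)

    def applies_to(self, inc: Incident, now: datetime) -> bool:
        """Only open False Positives of the configured alert type, within scope and term."""
        if not self.active_at(now) or inc.status != "Open":
            return False
        if inc.alert_type != self.alert_type or inc.classification != "False Positive":
            return False
        if not self.include_past and inc.created_at < self.enabled_at:
            return False
        return True


def apply_policy(policy: AutoClosePolicy, incidents: List[Incident], now: datetime) -> List[str]:
    """Close matching incidents in place; return the ids that were auto-closed."""
    closed = []
    for inc in incidents:
        if not policy.applies_to(inc, now):
            continue
        inc.status = "Closed"
        inc.tags.append(DEFAULT_TAG)          # always present for historical tracking
        if policy.custom_tag:
            inc.tags.append(policy.custom_tag)
        if policy.new_severity:               # preserve severity unless an override is set
            inc.severity = policy.new_severity
        closed.append(inc.id)
    return closed


ENABLED = datetime(2024, 6, 1, tzinfo=timezone.utc)   # constructed policy activation time


def sample_incidents() -> List[Incident]:
    """Fresh constructed incidents so each scenario starts from the same state."""
    return [
        Incident("INC-1", "Impossible travel", "False Positive", "High",
                 datetime(2024, 5, 20, tzinfo=timezone.utc)),   # created before the policy
        Incident("INC-2", "Impossible travel", "False Positive", "High",
                 datetime(2024, 6, 3, tzinfo=timezone.utc)),    # created after the policy
        Incident("INC-3", "Impossible travel", "True Positive", "High",
                 datetime(2024, 6, 3, tzinfo=timezone.utc)),    # never auto-closed
        Incident("INC-4", "Password spray", "False Positive", "Medium",
                 datetime(2024, 6, 3, tzinfo=timezone.utc)),    # different alert type
    ]


def run_indefinite_past_and_future():
    """Custom tag + severity override, indefinite, past and future in scope."""
    incs = sample_incidents()
    policy = AutoClosePolicy("Impossible travel", ENABLED, custom_tag="vpn-egress",
                             new_severity="Informational")
    closed = apply_policy(policy, incs, datetime(2024, 6, 10, tzinfo=timezone.utc))
    first = incs[0]
    return closed, list(first.tags), first.severity, incs[2].status


def run_fixed_term_future_only(now: datetime):
    """Default tag only, severity preserved, 7-day term, future incidents only."""
    incs = sample_incidents()
    policy = AutoClosePolicy("Impossible travel", ENABLED, term_days=7, include_past=False)
    closed = apply_policy(policy, incs, now)
    return closed, list(incs[1].tags), incs[1].severity


if __name__ == "__main__":
    print(run_indefinite_past_and_future())
    print(run_fixed_term_future_only(datetime(2024, 6, 5, tzinfo=timezone.utc)))
    print(run_fixed_term_future_only(datetime(2024, 6, 10, tzinfo=timezone.utc)))
```

Running the two scenarios shows the difference in practice: the indefinite, past-and-future policy closes both INC-1 and INC-2 with both tags and the lowered severity, while the 7-day, future-only policy closes only INC-2 on 5 June and nothing at all on 10 June because the term has already expired.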
