With Seculyze, our ML/AI algorithm provides dynamic and ongoing classification of each incoming alert. Through our Tuning feature, you have the option to autoclose alerts of certain types classified as False Positives. This approach means you do not need to change and manage rules every time your environment change - even if Sentinel or Defender changes, you dont have to. You get:
Streamlined Workflow
Severity Alignment
Reduced System Noise
Comprehensive Coverage
Seculyze allows you to define several autoclose options, so you can treat the False Positives we find in a way that suits your environment and team. By making informed choices in these options, your organization can enjoy a more efficient, focused, and proactive security operation saving both time and resources
Let's go over each option.
Tag: Use Default and Add Custom Tag.
The option is whether to autoclose incidents just using the default "Auto-closed by Seculyze" tag or add an additional custom tag to the False Positives we find. This allows you to easily monitor each Alert Types behavior to your liking, so you always can follow what historically happened with your incidents.
For the sake of accuracy and historical tracking, the default tag "Auto-closed by Seculyze" will also be used, even if you add a custom tag.
β
Severity Level: Preserve or Modify
Seculyze allows you to change Sentinel/Defender Severity level of the False Positives we auto-close. Auto-closing False Positives can affect workflow and documentation practices, and adjusting to the appropriate severity level within the autoclose feature might bring focus on critical issues and streamline documentation.
Duration: Indefinite or Fixed Term
Choosing between having auto-close run indefinitely or for a set number of days provides operational flexibility. An indefinite auto-close schedule is ideal for most Alert Types, while a fixed term can be useful for temporary campaigns or in response to specific threats.
Scope: Past + Future or Future Only
Deciding whether you want to auto-close both past and future False Positive incidents or only future ones allows for retrospective analysis and the strengthening of future defenses. This ensures that all relevant incidents are addressed, enhancing overall security posture.
β
β