Skip to main content
Skip table of contents

How to Mark as False Positives

Purpose

This document describes how to mark a finding as a false positive in the Portal.

Introduction

A false positive refers to situations where the scanner mistakenly identifies a harmless action or event as a threat or risk. This can occur due to various factors, such as outdated threat signatures, misconfiguration or overzealous security settings, or inherent limitations in the detection algorithms. To prevent it from reoccurring in future scans, it can be marked as a False Positive and be sent to the Outpost24 Vulnerability Research and Development Team for further investigation.

Reporting a False Positive

Prerequisites

Before you start, verify that the False Positive column is active, to show the status of the findings.

To activate the False Positive column:

  1. Login to the portal.

  2. Go to Findings > Vulnerabilities.

  3. Click on the filter icon and select False positive.

    Portal_Findings_Vuln_FalsePositiveCol.PNG

Reporting

To report a false positive:

  1. Go to Findings > Vulnerabilities.

  2. Open the mark false positive popup. This can be done in two ways:

    1. From the Toolbar:

      1. Select the checkbox on the vulnerabilities you want to mark as a false positive.

        Portal_Findings_Vuln_FalsePositiveSel.PNG

      2. Click the Mark as false positive Icon_Mark_As_False_Positive.png icon on the toolbar.

        Portal_Findings_Vuln_FalsePositiveToolbar.PNG

    2. From the context menu:

      1. Right-click on the vulnerabilities you want to mark as false positive to open the context menu.

      2. Select Mark as false positive in the in the menu.

        Portal_Findings_Vuln_FalsePositive_ConceptMenu.PNG

  3. When the Mark as false positive popup is displayed, enter a comment in the comment input.

  4. To send additional information to Outpost24, toggle the Send information to the Outpost24 Vulnerability Research and Development Team switch.

    Portal_Findings_Vuln_FalsePositive_Comment.PNG

  5. Once all of the information is filled out, click the blue SEND button.

    A False Positive will still be listed in the results, but with its status changed to false positive.
    The vulnerability details, comments and additional information are displayed in the comment tab.

    Portal_Findings_Vuln_FalsePositive_CommentsView.PNG

  6. For HIAB users, if they choose the Include scan blueprint in the submission option, an encrypted blueprint file is created and uploaded to Outpost 24 Support Team.

    Portal_Findings_Vuln_FalsePositive_Submission.png


Unmarking a False Positive

To unmark an entry as a false positive, select Unmark as False Positive.




Copyright

© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.

Trademark

Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.