Knowledge base
Knowledge base
Breadcrumbs

Marking as False Positives

Last Updated: 2025-05-27


Purpose

This article describes how to mark a finding as a false positive in the Portal.

Introduction

A false positive refers to situations where the scanner mistakenly identifies a harmless action or event as a threat or risk. Marking a Finding as False Positive allows analysts to indicate that a flagged vulnerability is not a real threat—due to factors like outdated threat signatures, misconfiguration or overzealous security settings, or inherent limitations in the detection algorithms.
To prevent it from reoccurring in future scans, it can be marked as a False Positive. Once marked, the finding retains visibility but is labeled as false positive, and optionally an encrypted scan blueprint can be submitted to Outpost24’s research team for further evaluation. This capability helps reduce alert fatigue, prevent recurring noise in scan results, and improve the signal-to-noise ratio in your vulnerability management process.

Reporting a False Positive

Prerequisites

Before you start, verify that the False Positive column is active, to show the status of the findings.

To activate the False Positive column:

  1. Login to the portal.

  2. Go to Findings > Vulnerabilities.

  3. Click on the filter icon and select False positive.

Portal_Findings_Vuln_FalsePositiveCol.png


Reporting

To report a false positive:

  1. Go to Findings > Vulnerabilities.

  2. Open the mark false positive popup. This can be done in two ways:

    1. From the Toolbar:

      1. Select the checkbox on the vulnerabilities you want to mark as a false positive.

        Portal_Findings_Vuln_FalsePositiveSel.PNG


      2. Click the Mark as false positive Icon_Mark_As_False_Positive.png icon on the toolbar.

        Portal_Findings_Vuln_FlasePositiveToolbar.png


    2. From the context menu:

      1. Right-click on the vulnerabilities you want to mark as false positive to open the context menu.

      2. Select Mark as false positive in the in the menu.

        Portal_Findings_Vuln_FalsePositive_ConceptMenu.PNG



  3. When the Mark as false positive popup is displayed, enter a comment in the comment input.

  4. To send additional information to Outpost24, toggle the Send information to the Outpost24 Vulnerability Research and Development Team switch.

    Portal_Findings_Vuln_FalsePositive_Comment.PNG


  5. Once all of the information is filled out, click the blue SEND button.

    A False Positive will still be listed in the results, but with its status changed to false positive.
    The vulnerability details, comments and additional information are displayed in the comment tab.

    Portal_Findings_Vuln_FalsePositive_CommentsView.png


  6. For HIAB users, if they choose the Include scan blueprint in the submission option, an encrypted blueprint file is created and uploaded to Outpost 24 Support Team.

    Portal_Findings_Vuln_FalsePositive_Submission.png

Unmarking a False Positive

To unmark an entry as a false positive, select Unmark as False Positive in the context menu or the toolbar.



Related Articles