We are thrilled to introduce a new feature that enhances your ability to provide valuable feedback and improve the accuracy of Sekoia's indicators!
You can now easily report potential false positives directly within Sekoia. This feature is available in two convenient locations:
Alerts: When reviewing an alert triggered by an indicator, you can now directly report it as a false positive within the alert details. Keep in mind that alerts are automatically closed if the indicator is revoked.
Intelligence Database (Object Details): While viewing a CTI object in the Intelligence Database, you'll see a new option to flag the indicator as a potential false positive.
Once you submit your request for revocation, a Zendesk ticket is automatically created, and both our Product Expertise and Support (PES) team and the Threat Detection and Research team are notified.
They review the request within few days and determine whether the IOC should be revoked. If it's the case, you will be notified.
This new feature not only helps you maintain a more accurate threat intelligence system but also contributes to the overall improvement of Sekoiaβs reliability and performance.