Resolving threats and anomalies on a regular basis is an important part of training Threat Protection about baseline behavior in your environment. To get a better result, your organization should resolve threats and anomalies on a regular basis. If an anomaly is identified as a security violation or a valid anomaly requiring policy changes, it should be marked resolved after the event/investigation has concluded.
NOTE: Shadow Service anomalies cannot be resolved.
IMPORTANT: Resolving an anomaly cannot be undone or reverted.
To mark an anomaly as Resolved:
- Go to Incidents > Anomalies > Anomalies.
- In the Anomalies table, select the specific anomaly you wish to resolve.
- In the Anomalies Cloud Card, select Status as Resolved to remove the anomaly from the Anomalies list.
Once updated, a successful message is displayed at the bottom of the page.