Threat Protection is helpful when users actively work within the platform to resolve anomalies and threats. The information you provide to resolve threats trains Threat Protection on how to identify threats within your organization. To get a better result, your organization should resolve threats and anomalies on a regular basis.
Threats can be acted by a security response team and the results of the investigation can be recorded into Threat Protection. If the threat is identified as a security violation or a valid threat requiring policy changes, it should be marked resolved after the event has concluded.
To resolve threats:
- Go to Incidents > Threats.
- In the Threats table, select the specific threat you wish to resolve.
- In the Threat Cloud Card, select Status as Resolved to remove the threat from the Threats list.
Once updated, a successful message is displayed at the bottom of the page.
IMPORTANT: This action cannot be undone.