The ability to report, investigate and resolve false positives and false negatives needs to be improved.
Right now the process for submitting false positives is quite labour intensive and not obvious. You have to submit a ticket, and then go through the process of passing this evidence along using email, secure drops, etc.
At the time of writing this, there didn't appear to be a documented process at all for submitting "false negatives", that is, missed events or missed incidents.
Users logged into the alert-logic console should have an easy and fast way to submit and track these, and preferably a method to securely pass along the relevant evidence.