Create an analysis module that automatically remediates emails that match a certain (configurable) criteria. If the alert is dispositioned as FP, then the emails are "unremediated". The alerts where this happens also need to be near the top of the list, possibly with a lower SLA since they may be delaying legitimate emails.
This will require modifications to the remediation table and how it works.
Create an analysis module that automatically remediates emails that match a certain (configurable) criteria. If the alert is dispositioned as FP, then the emails are "unremediated". The alerts where this happens also need to be near the top of the list, possibly with a lower SLA since they may be delaying legitimate emails.
This will require modifications to the remediation table and how it works.