[Detection Engineering]
A Custom Prevention rule that was determined to be a false positive alert needs to be tuned. The behavior was determined to be authorized and expected on the affected endpoint. Based on the image below, which two steps could be taken? (Choose two.)
[Image description: A Custom Prevention rule configuration, assumed to trigger a Behavioral Indicator of Compromise (BIOC) alert for authorized behavior]
Lacresha
6 months agoAracelis
6 months agoEmeline
7 months agoSolange
7 months agoDorthy
7 months agoKirk
7 months agoLatricia
8 months agoLuther
8 months agoKati
8 months agoLashaun
8 months agoSharmaine
8 months agoViki
8 months agoAaron
9 months agoJamal
11 months agoYoko
11 months agoDerrick
11 months agoJani
11 months agoRonna
10 months agoRima
10 months agoRicarda
12 months agoErasmo
11 months agoLoren
11 months agoMarguerita
11 months agoBernadine
12 months agoVerlene
12 months agoSuzan
12 months agoJunita
1 year agoJanna
11 months agoTijuana
11 months agoMitzie
1 year ago