3 weeks ago
Need some best recommendation about fine tuning of APP rules.
if I want to fine tune multiple hashes which are generation many False Positives so what is the best way to fine-tune
1- Whitelist the file and update the app rule with below
contect != 'file.whitelisted'
2- we should add each hash separately in the app rule as given below