2022-06-12 09:11 AM
I need some recommendations on the best way to fine-tune app rules.
If I want to fine-tune multiple hashes which are generating many false positives, what is the best way to fine-tune?
1- Whitelist the file and update the app rule with the below
context != 'file.whitelisted'
or
2- We should add each hash separately in the app rule as given below
checksum.src!= hash1,hash2,hash3
Regards,