Close Alert As False Positive

Close multiple alerts matching the specified filters as false positive (an alert on a non-malicious activity).

External Documentation

To learn more, visit the Microsoft Defender For Cloud Apps documentation.

Basic Parameters

Parameter	Description
Alert IDs	A comma-separated list of alert IDs to close as false positive. Can be obtained via the `List Alerts` action.
Comment	A comment about why the alerts are dismissed.
Reason ID	The reason for closing the alerts as false positive. Providing a reason helps improve the accuracy of the detection over time.

Advanced Parameters

Parameter	Description
Allow Contact	Indicating that consent to contact the user is provided. Default value: false.
Contact Email	The email address of the user.
Feedback Text	The text of the feedback.
Send Feedback	Indicating that feedback about this alert is provided. Default value: false.

Example Output

{
	"closed_false_positive": 1
}

Workflow Library Example

Close Alert As False Positive with Microsoft Defender for Cloud Apps and Send Results Via Email

Preview this Workflow on desktop

On this page

Basic Parameters
Advanced Parameters
Example Output
Workflow Library Example

Close multiple alerts matching the specified filters as false positive (an alert on a non-malicious activity).

External Documentation

To learn more, visit the Microsoft Defender For Cloud Apps documentation.

Basic Parameters

Parameter	Description
Alert IDs	A comma-separated list of alert IDs to close as false positive. Can be obtained via the `List Alerts` action.
Comment	A comment about why the alerts are dismissed.
Reason ID	The reason for closing the alerts as false positive. Providing a reason helps improve the accuracy of the detection over time.

Advanced Parameters

Parameter	Description
Allow Contact	Indicating that consent to contact the user is provided. Default value: false.
Contact Email	The email address of the user.
Feedback Text	The text of the feedback.
Send Feedback	Indicating that feedback about this alert is provided. Default value: false.

Example Output

{
	"closed_false_positive": 1
}

Workflow Library Example

Close Alert As False Positive with Microsoft Defender for Cloud Apps and Send Results Via Email

Preview this Workflow on desktop

On this page

Basic Parameters
Advanced Parameters
Example Output
Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

Close Alert As False Positive

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Case Management

Automated Case Management

Case Management Dashboard

Case Management Interface

Triggers & Actions

Case Management Settings

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example