Close multiple alerts matching the specified filters as false positive (an alert on a non-malicious activity).
External Documentation
To learn more, visit the Microsoft Defender For Cloud Apps documentation.
Parameter | Description |
---|---|
Alert IDs | A comma-separated list of alert IDs to close as false positive. Can be obtained via the List Alerts action. |
Comment | A comment about why the alerts are dismissed. |
Reason ID | The reason for closing the alerts as false positive. Providing a reason helps improve the accuracy of the detection over time. |
Parameter | Description |
---|---|
Allow Contact | Indicating that consent to contact the user is provided. Default value: false. |
Contact Email | The email address of the user. |
Feedback Text | The text of the feedback. |
Send Feedback | Indicating that feedback about this alert is provided. Default value: false. |
Close Alert As False Positive with Microsoft Defender for Cloud Apps and Send Results Via Email
Preview this Workflow on desktop
Close multiple alerts matching the specified filters as false positive (an alert on a non-malicious activity).
External Documentation
To learn more, visit the Microsoft Defender For Cloud Apps documentation.
Parameter | Description |
---|---|
Alert IDs | A comma-separated list of alert IDs to close as false positive. Can be obtained via the List Alerts action. |
Comment | A comment about why the alerts are dismissed. |
Reason ID | The reason for closing the alerts as false positive. Providing a reason helps improve the accuracy of the detection over time. |
Parameter | Description |
---|---|
Allow Contact | Indicating that consent to contact the user is provided. Default value: false. |
Contact Email | The email address of the user. |
Feedback Text | The text of the feedback. |
Send Feedback | Indicating that feedback about this alert is provided. Default value: false. |
Close Alert As False Positive with Microsoft Defender for Cloud Apps and Send Results Via Email
Preview this Workflow on desktop