Close Alert As False Positive
Close multiple alerts matching the specified filters as false positive (an alert on a non-malicious activity).
External Documentation
To learn more, visit the Microsoft Defender For Cloud Apps documentation.
Basic Parameters
Parameter | Description |
---|---|
Alert IDs | A comma-separated list of alert IDs to close as false positive. Can be obtained via the List Alerts action. |
Comment | A comment about why the alerts are dismissed. |
Reason ID | The reason for closing the alerts as false positive. Providing a reason helps improve the accuracy of the detection over time. |
Advanced Parameters
Parameter | Description |
---|---|
Allow Contact | Indicates whether consent to contact the user is provided. Default value: false. |
Contact Email | The email address of the user. |
Feedback Text | The text of the feedback. |
Send Feedback | Indicates whether feedback about this alert is provided. Default value: false. |
Example Output
{
"closed_false_positive": 1
}
Workflow Library Example
Close Alert As False Positive with Microsoft Defender for Cloud Apps and Send Results Via Email