When you dismiss a Finding, the Finding will no longer display in the active Findings list.

  • For a Hygiene, Detected TTP, or Detected Anomaly Indicator, the Finding will continue to be monitored and any new Finding for the indicator will be raised unless it is muted.

  • For a Tier Zero indicator, the Finding will not be raised again unless the object is re-added as a Tier Zero or Privileged object.

    NOTES:

    • Only certified Tier Zero and Privileged objects can be dismissed. If a Tier Zero/Privileged object is not certified, the Dismiss option will be disabled. However, you can dismiss a Tier Zero/Privileged Finding as part of the certification process.

    • When you dismiss a Finding, the Finding Status is changed from Active to Inactive and can be viewed when the Findings list is filtered by Status = Inactive.

To dismiss a Finding after investigation:

From the Investigate Finding page, click Dismiss Finding.

You will be prompted to confirm the dismissal. For a Hygiene, Detected TTP, or Detected Anomaly Indicator, the confirmation dialog also includes a check box that allows you to mute the Finding at the same time.

To dismiss one or more Findings from the Findings list:

  1. Select the Finding(s) you want to dismiss.

  2. Click the Dismiss button.

NOTE: If your selection contains only Hygiene, Detected TTP, and/or Detected Anomaly Indicators, you will also have the option to mute the Finding(s). If the selection includes Tier Zero Findings, the option to mute will be unavailable. Any uncertified Tier Zero objects in the selection will not be dismissed.