I am working with custom reports containing the alert.id metakey so I can summarize the alerts generated for some time range.
However, I am experiencing a high number of false positives in these reports.
I would like to know if there is a way to use the RSA NetWitness intelligence to optimize these reports and reduce the number of false positives.
I started using the solution recently, so I don't know the best practices or a better way to create more efficient reports.
Could anyone help me with this? Are there any tips for getting better reports, or a best-practices document for it?
Thanks in advance.