How to handle false positives effectively?
False positives can be remediated in two ways:
- Adding device/web domain to the boundary
- Modifying data rule
Add device/web domain to the boundary
- Click on the Policies tab under Endpoint DLP
- Select your policy
- Under False Positives, select Enterprise Perimeter
- Add the devices/web domain to the perimeter using the Fine Tune option.
Mdify the data rule
- Under False Positives, select Data Classification
- Fine Tune or Remove the required rule
- Increase the occurrence count of the pattern in the case of a RegEx rule to fine-tune the rule. To fine-tune the policy, improve the match percentage in document matching and update the document with more relevant terms in keyword matching.
- If frequent false positives are raised due to a predefined data rule, report the issue to ManageEngine.
