fp-pattern-finder
Automatically detect false positive patterns in detections using deterministic analysis. Fetches historic detections for a time window, runs pattern detection script to identify noisy patterns (single-host concentration, identical command-lines, service accounts, same hash, temporal periodicity, etc.), generates narrow FP rules for each pattern, and presents for user approval before deployment. Use for bulk FP tuning, detection noise analysis, or automated alert fatigue reduction.
Installation and usage
Automatically detect false positive patterns in detections using deterministic analysis. Fetches historic detections for a time window, runs pattern detection script to identify noisy patterns (single-host concentration, identical command-lines, service accounts, same hash, temporal periodicity, etc.), generates narrow FP rules for each pattern, and presents for user approval before deployment. Use for bulk FP tuning, detection noise analysis, or automated alert fatigue reduction.
بعد التثبيت، يمكنك استخدام هذه المهارة بتشغيل الأمر التالي في الطرفية:
skills use fp-pattern-finder