If Deep Discovery Inspector (DDI) produces many aggressive or false positive detections on traffic that is actually legitimate, the cause is usually the current configuration, which needs to be adjusted to fit your environment.
To mitigate those unnecessary detections, do the following:
- Check that Deep Discovery Inspector is configured correctly. Refer to linked articles under Recommended DDI Configurations in Deep Discovery Inspector (DDI) 5.7 Best Practice Guides.
- Check the detection details under Detections > All Detections and identify which rules were triggered and on which objects (hosts, files, URLs).
- To mitigate aggressive or false positive detections on Deep Discovery Inspector, update one or more of the following configurations depending on the situation. Prefer the narrowest change that removes the noise: a detection exception or an Allow List entry affects only the matching host, hash or address, whereas disabling a detection rule suppresses that rule for all traffic.
  - To ignore detections from a specific detection rule, go to Administration > Monitoring/Scanning > Detection Rules and disable the rule that is considered unnecessary.
  - To ignore detections that match specific criteria, such as Host name, Protocol or File SHA-1, go to Administration > Monitoring/Scanning > Detection Exceptions and add the criteria to the Detection Exception list.
  - To allow connections to particular entities, go to Administration > Monitoring/Scanning > Deny List/Allow List and add the File SHA-1, IP address, URL or domain to the Allow List.
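To make the "identify triggered rules and objects" step concrete, the following Python script is added here as an example; it is not part of the original article or of the DDI product. It tabulates a constructed detection export by rule and applies a simple heuristic that maps each noisy rule to the narrowest of the three configuration changes above (Allow List entry, Detection Exception, or disabling the rule). The CSV column names, rule names, host names and SHA-1 values are placeholders; DDI's real export format is not described on this page.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a detection export. The column names, rule names,
# hosts and hashes are placeholders for this example, not the real DDI schema.
SAMPLE_EXPORT = """\
timestamp,rule_name,source_host,destination,protocol,file_sha1
2024-05-01T08:00:01,Suspicious executable download,wks-101.corp.example,updates.vendor.example,HTTP,0123456789abcdef0123456789abcdef01234567
2024-05-01T08:05:12,Suspicious executable download,wks-102.corp.example,updates.vendor.example,HTTP,0123456789abcdef0123456789abcdef01234567
2024-05-01T08:07:45,Suspicious executable download,wks-103.corp.example,updates.vendor.example,HTTP,0123456789abcdef0123456789abcdef01234567
2024-05-01T08:09:03,Suspicious executable download,wks-104.corp.example,updates.vendor.example,HTTP,0123456789abcdef0123456789abcdef01234567
2024-05-01T09:00:00,Possible port scan,scanner-01.corp.example,10.0.5.7,TCP,
2024-05-01T09:00:02,Possible port scan,scanner-01.corp.example,10.0.5.8,TCP,
2024-05-01T09:00:04,Possible port scan,scanner-01.corp.example,10.0.5.9,TCP,
2024-05-01T09:00:06,Possible port scan,scanner-01.corp.example,10.0.5.10,TCP,
2024-05-01T10:11:00,Unusual HTTP user agent,wks-201.corp.example,cdn1.example,HTTP,
2024-05-01T10:12:00,Unusual HTTP user agent,wks-202.corp.example,cdn2.example,HTTP,
2024-05-01T10:13:00,Unusual HTTP user agent,wks-203.corp.example,cdn3.example,HTTP,
2024-05-01T10:14:00,Unusual HTTP user agent,wks-204.corp.example,cdn4.example,HTTP,
2024-05-01T11:00:00,DNS query to suspicious domain,wks-105.corp.example,telemetry.vendor.example,DNS,
2024-05-01T11:30:00,Suspicious SMB activity,backup-01.corp.example,fileserver-01.corp.example,SMB,
2024-05-01T11:31:00,Suspicious SMB activity,backup-01.corp.example,fileserver-02.corp.example,SMB,
"""

# Below this many hits a rule is not worth tuning yet; investigate it instead.
MIN_DETECTIONS = 3


def parse_export(text):
    """Parse a CSV export into a list of dicts, one per detection."""
    return list(csv.DictReader(io.StringIO(text)))


def group_by_rule(detections):
    """Collect the distinct hosts, destinations and file hashes each rule fired on."""
    groups = defaultdict(lambda: {"count": 0, "hashed": 0, "hosts": set(),
                                  "destinations": set(), "sha1s": set()})
    for d in detections:
        g = groups[d["rule_name"]]
        g["count"] += 1
        g["hosts"].add(d["source_host"])
        g["destinations"].add(d["destination"])
        if d["file_sha1"]:
            g["hashed"] += 1
            g["sha1s"].add(d["file_sha1"])
    return groups


def recommend(detections):
    """Map each rule to (action, target), choosing the narrowest change first.

    allow_list_sha1          -> every hit is the same file: Allow List the SHA-1
    detection_exception_host -> every hit comes from one host: Detection Exception
    disable_rule             -> hits spread over many hosts and destinations with
                                no common object: review and possibly disable
    investigate              -> too few hits, or no clear pattern, to tune yet
    """
    advice = {}
    for rule, g in group_by_rule(detections).items():
        if g["count"] < MIN_DETECTIONS:
            advice[rule] = ("investigate", rule)
        elif len(g["sha1s"]) == 1 and g["hashed"] == g["count"]:
            advice[rule] = ("allow_list_sha1", next(iter(g["sha1s"])))
        elif len(g["hosts"]) == 1:
            advice[rule] = ("detection_exception_host", next(iter(g["hosts"])))
        elif len(g["hosts"]) >= MIN_DETECTIONS and len(g["destinations"]) >= MIN_DETECTIONS:
            advice[rule] = ("disable_rule", rule)
        else:
            advice[rule] = ("investigate", rule)
    return advice


if __name__ == "__main__":
    for rule, (action, target) in recommend(parse_export(SAMPLE_EXPORT)).items():
        print(f"{rule:35} {action:25} {target}")
```

The output is a starting point for triage, not a decision: confirm that the file, host or destination is genuinely legitimate before adding an exception or Allow List entry, and remember that a SHA-1 Allow List entry covers only that exact file, so a new version of the same software will need a new entry.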