Occasionally you may receive an email notification (ARO) after the event has occurred.
The majority of AROs are released automatically: as soon as Field Effect sees something suspicious, an ARO is released immediately. These will be for high-priority alerts, such as those detecting malware, where there is little in the way of false positives.
Other AROs will be flagged to our global team of analysts who manually review them for accuracy before they are sent.
As all monitored environments are different, what is observed as normal activity for one might be anomalous for another. With this in mind, we release AROs that we believe should be brought to your attention and leave it for you to make the final decision on how to react.
This manual review may lead to later-than-expected notifications, or indeed false positives, but armed with your feedback our analysts can make more informed decisions in the future.
If you have any examples of specific AROs that you consistently see as false positives, please use the Difficulty with option to flag them to our team, who will then adapt to your needs.