False positives that follow repeat patterns create repeat work. With Automated Repeat False Positive Prevention, you can now provide targeted feedback when reporting false positives to automatically prevent similar alerts from recurring.

When marking an ATO case as "Incorrect Detection" or "Undetermined Cause," you'll now see options to safelist specific indicators of compromise (IOCs) associated with that user. These options include:

• Location: Safelist activity from specific countries or, for US activity, specific states

• IP Address: Safelist specific IP addresses for known legitimate access points

• VPN Usage: Safelist VPN connections for users who legitimately require them

Each safelist is applied at the user level for a period of several months to prevent alert recurrence while maintaining security. This customization is particularly valuable for organizations with global workforces or unique access patterns that might otherwise trigger false positives