
Legitimates

As with any attack detection system, Seer Box is not infallible. To prevent false positives, you can flag legitimate elements associated with your applications. This will prevent the system from detecting further malicious events on those elements.

Like alerts and rules, legitimate elements have context fields that allow you to narrow down the target if necessary. For more details, refer to the Alert specifications section.

Legitimates management

Legitimates can be managed by users in the admins group, or by users belonging to a group that has the Handle rules permission for the domain group to which the item belongs.

Create a legitimate

In addition to creating one or more legitimates from the alert detail page with the Advanced Protection function, you can create custom legitimates.

From Seer Box web interface

  1. Access the Protection - Legitimates page: in this section you can view the list of all created legitimates.

  2. To create a custom legitimate click on the Create custom legitimate button in the upper right corner of the page.

  3. A wizard will be displayed that will allow you to create a legitimate. Select the target in the appropriate field, then click Next to continue.

  4. Based on the selected target, you can define its context. In each form field, enter the chosen value or select the default All ... option. For example, for the Host context field you can manually enter a custom domain or select the All hosts option.

  5. Enter the value of the target to be reported as legitimate. To complete the creation, click on the Save legitimate button.

The new legitimate will appear on the summary page.

Delete a legitimate

From Seer Box web interface

  1. Access the Protection - Legitimates page: in this section you can view the list of all created legitimates.

  2. Select one or more legitimates to delete by clicking on the checkbox located at the left end of each item.

  3. As soon as at least one item is selected, the Delete button with a trashcan icon will appear in the upper right corner of the legitimates' list.

  4. Clicking this button displays a modal asking you to confirm the operation. Click on the Confirm button to proceed.