Forum Discussion
ActualCassandra
Oct 23, 2023 - Copper Contributor
MDE repeatable false positive "Multi-stage incident involving Privilege escalation..." How to fix?
Anyone else seeing this? It always has 57 alerts, too, and the Detection source is always 'Custom TI' and always at the same time in the morning. Doesn't matter if the machine is managed, AD joined, ...
ActualCassandra
Nov 01, 2023 - Copper Contributor
No, that is what makes it so strange. I have even used the API to list indicators and there is nothing there to trigger something like the incident above.
MaheshMarthi
Nov 15, 2023 - MCT
Make sure you have access to existing TI projects. While creating a new one, it shows the "accessible to Me" option.