Aurora has too many False Positives

Last update:
Last verified version: AMC 3.2.1

Issue

In some environments, Aurora may generate a high number of false positives. This is not expected behaviour: Aurora is designed to alert on only a few, mostly high-relevance events, so a steady stream of alerts usually points to a single rule that does not fit the environment.

Solution

Most likely a single rule matches legitimate activity in your environment (for example an agent or administrative script that runs regularly) and produces the bulk of the alerts. Identify which rule fires most often, disable it to stop the noise, and then add a narrow false-positive filter for the benign source so that the rule can be re-enabled without losing its real matches. For tuning instructions, please see:

https://asgard-manual.nextron-systems.com/en/latest/administration/sigma.html#false-positive-tuning-of-sigma-rules
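The following script is an added example, not Aurora's or ASGARD's own code, and the record layout it uses (fields rule_id, rule_title, image, commandline) is an assumption chosen for illustration rather than Aurora's real event schema. It shows the triage logic behind the advice above: tally alerts per rule to find the noisy one, then compare the blunt fix (disabling the rule, which also drops a genuine hit) with a narrow filter scoped to the known-benign source. The actual filter syntax for ASGARD is described at the linked manual page.

```python
from collections import Counter

# Constructed sample alert records (assumed field names, not Aurora's real
# schema). A backup agent trips an encoded-PowerShell rule on every run,
# while one genuine hit of the same rule comes from a user download.
def _alert(rule_id, title, image, commandline):
    return {"rule_id": rule_id, "rule_title": title,
            "image": image, "commandline": commandline}

SAMPLE_ALERTS = (
    [_alert("a1", "Suspicious Encoded PowerShell",
            r"C:\Program Files\BackupAgent\agent.exe",
            "powershell.exe -enc SQBtAHAAbwByAHQA") for _ in range(40)]
    + [_alert("a1", "Suspicious Encoded PowerShell",
              r"C:\Users\alice\Downloads\x.exe",
              "powershell.exe -enc JABjAGwAaQBlAG4AdAA=")]
    + [_alert("b2", "Mimikatz Command Line",
              r"C:\tmp\m.exe", "sekurlsa::logonpasswords")]
    + [_alert("c3", "Service Installed",
              r"C:\Windows\System32\sc.exe", "sc create svc binPath= ...")]
)

# Narrow exclusion: only the backup agent's image path, only for this rule.
BACKUP_AGENT_FILTER = {
    "Suspicious Encoded PowerShell": [("image", r"\BackupAgent\agent.exe")],
}


def tally_by_rule(alerts):
    """Count alerts per rule title; the top entries are the tuning candidates."""
    return Counter(a["rule_title"] for a in alerts)


def noisy_rules(alerts, share=0.5):
    """Rule titles responsible for more than `share` of all alerts."""
    total = len(alerts)
    return [title for title, n in tally_by_rule(alerts).most_common()
            if n / total > share]


def disable_rules(alerts, rule_ids):
    """The blunt fix: drop every alert of the given rule ids, genuine or not."""
    return [a for a in alerts if a["rule_id"] not in rule_ids]


def apply_filters(alerts, filters):
    """The narrow fix: drop an alert only if every (field, substring) pair
    configured for its rule matches, so unrelated hits of the rule survive."""
    kept = []
    for a in alerts:
        conds = filters.get(a["rule_title"])
        if conds and all(sub in a.get(field, "") for field, sub in conds):
            continue
        kept.append(a)
    return kept


if __name__ == "__main__":
    for title, n in tally_by_rule(SAMPLE_ALERTS).most_common():
        print(f"{n:4d}  {title}")
    print("noisy:", noisy_rules(SAMPLE_ALERTS))
    print("after disabling a1:", len(disable_rules(SAMPLE_ALERTS, {"a1"})))
    print("after filtering:", len(apply_filters(SAMPLE_ALERTS, BACKUP_AGENT_FILTER)))
```

Disabling the rule leaves two alerts but silently discards the one real encoded-PowerShell hit; the filter scoped to the backup agent's image path leaves three alerts and keeps that hit, which is why the filter should be as specific as possible (image path plus command-line fragment where available) rather than a blanket exclusion of the rule.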