{"id":44675,"date":"2022-01-05T18:00:00","date_gmt":"2022-01-05T18:00:00","guid":{"rendered":"https:\/\/www.darkreading.com\/attacks-breaches\/why-we-need-to-reframe-the-false-positive-problem"},"modified":"2022-01-05T18:00:00","modified_gmt":"2022-01-05T18:00:00","slug":"why-we-need-to-reframe-the-false-positive-problem","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/","title":{"rendered":"Why We Need To Reframe the False-Positive Problem"},"content":{"rendered":"<div><img decoding=\"async\" src=\"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltebc292e226150b93\/61cb52a52bc2e01034abfd12\/FalsePositive_Dzmitry_Dzemidovich_Alamy.jpg\" class=\"ff-og-image-inserted\"><\/div>\n<p>The concept of false positives has been pushed and pulled around for years in the cybersecurity industry. Countless vendor-sponsored studies reinforce the idea that false positives are directly contributing to the problem of alert fatigue. And as a security vendor, we&#8217;re not surprised that one of the top burning questions on our customers&#8217; minds is, &#8220;What&#8217;s our false-positive rate?&#8221;<\/p>\n<p>There&#8217;s no doubt that security analysts and IT admins are frustrated by <a href=\"https:\/\/www.blumira.com\/cybersecurity-alert-fatigue-tips\/\" target=\"_blank\" rel=\"noopener\">a constant barrage of alerts<\/a>. But false positives aren&#8217;t solely to blame; the cause is largely poorly targeted detection logic. Without experienced teams and large datasets, targeting threat detection can result in large volumes of noise. And because administrative work can overlap with attacker patterns, tuning or building behavior- or signature-based threat identification requires time and effort that most organizations don&#8217;t have. 
<\/p>\n<p>Moreover, the industry quickly becomes addicted to the alerts this logic generates. If you previously saw hundreds of alerts from an external scan from your firewall&#8217;s intrusion prevention system and now you see zero, it can be hard to accept that this was background noise rather than a significant problem.<\/p>\n<p><strong>The Importance of Monitoring Behaviors<\/strong><br \/>If your password manager is producing password-spraying behavior, that&#8217;s not a false positive \u2014 it&#8217;s a no-action finding that may require safe-listing and tuning of the detection logic to reduce noise and improve accuracy. However, historically, most people in the industry are trained to think, &#8220;Not an active threat? Must be a false positive.&#8221; <\/p>\n<p>We should reframe that thinking to, &#8220;What&#8217;s creating these behaviors? Did the behavior happen, and do I care that it happened\/will happen again?&#8221; Targeting your methodology at what you want to see around the negative behavior makes it easier to maintain a high true-positive rate. When organizations combine the effort of compliance or infrastructure alerting with detection of threats, this behavior can quickly grow within teams. By and large, the industry is trained through repetition to ignore or be annoyed at loud alarms that are not correct. <\/p>\n<p>This behavior tends to expand into threat detection because of the nature of alerting and can quickly result in missed opportunities to halt threats. It can be easy to think you are ignoring something you have seen before; perhaps a file from your Internet Information Services (IIS) environment that looks like normal Exchange activity is executing a large number of POSTs and is interacting with cmd.exe. 
Making the assumption that this is normal noise because something similar has been seen before, and immediately jumping to &#8220;false positive,&#8221; can result, and has resulted, in situations where a breach is not responded to in a timely fashion. Since defenders must act quickly, the need to stop and review without bias is more important than ever. <\/p>\n<p>Attackers can only perform a finite number of actions to gain access to an environment \u2014 although attackers are adapting their methodologies to evade antivirus and endpoint detection tools. These methods could include using IEX in PowerShell, or it could be patterns associated with Word spawning unexpected processes. Often when an attacker has successfully landed a malicious Word document in an environment, it will have a macro that contains the actual attack logic. When the user enables macros on their machine, Word immediately runs the Visual Basic Script within the document in a way that&#8217;s generally not identifiable by the user or antivirus unless commonly seen. <\/p>\n<p>When that script is run, it results in the actual Word process (winword.exe) spawning other processes such as cmd.exe or powershell.exe to load their backdoor onto the machine itself. Backdoor loaders like Cobalt Strike are very good at avoiding antivirus systems, and attackers often update Cobalt Strike and similar exploit kits to continuously evade signatures. By looking for Word spawning these processes, defenders can quickly identify when a macro or user is performing malicious or at least odd actions within the Word environment. <\/p>\n<p>Pure, signature-based detection is important, but security tools should focus more on potentially threatening <em>behaviors<\/em>. Detections that tell you when one IP address has attempted and failed to log in to at least 20 user accounts on the domain controller or host itself over a 10-minute period will always tell you that a password spraying pattern is occurring. 
However, telling you that 20 users failed to log in over a 10-minute period is a guaranteed false-positive detection in most cases \u2014 and this happens much more than most organizations realize. This can be helpful information: daily reporting on failed user logins will help you solve operational issues, while behavior-based detection will support your effort to stop threats quickly.<\/p>\n<p><strong>Building Security Maturity Through Detection<\/strong><br \/>The reality is that detections derived from products themselves always have some bump in false positives. Endpoint tools that rely on AI detection, for example, will never be perfect \u2014 nor can they be \u2014 and will find things that are not threats, especially in situations where engineering is happening in-house. <\/p>\n<p>It&#8217;s important for you at that point to decide whether you have the time to review these kinds of findings, or whether you only want to review positive threats to your environments, whether those are behaviors from Sysmon or general CrowdStrike detections.<\/p>\n<p>Either way, monitoring behaviors will always lead to internal security maturity growth. As you monitor behaviors, you&#8217;ll begin to recognize patterns and develop a deeper understanding of what&#8217;s going on within your network. Having that visibility is one of the first steps in maturing your organization&#8217;s security posture. 
<\/p>\n<p>Read More <a href=\"https:\/\/www.darkreading.com\/attacks-breaches\/why-we-need-to-reframe-the-false-positive-problem\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Efforts to tune or build behavior- or signature-based threat identification requires time and effort most organizations don&#8217;t have.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[151],"tags":[],"class_list":["post-44675","post","type-post","status-publish","format-standard","hentry","category-darkreading-ti"],"yoast_head_json":{"title":"Why We Need To Reframe the False-Positive Problem 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/","og_locale":"en_US","og_type":"article","og_title":"Why We Need To Reframe the False-Positive Problem 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2022-01-05T18:00:00+00:00","og_image":[{"url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltebc292e226150b93\/61cb52a52bc2e01034abfd12\/FalsePositive_Dzmitry_Dzemidovich_Alamy.jpg","type":"","width":"","height":""}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"Why We Need To Reframe the False-Positive Problem","datePublished":"2022-01-05T18:00:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/"},"wordCount":945,"commentCount":0,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltebc292e226150b93\/61cb52a52bc2e01034abfd12\/FalsePositive_Dzmitry_Dzemidovich_Alamy.jpg","articleSection":["DarkReading 
|TI"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/","url":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/","name":"Why We Need To Reframe the False-Positive Problem 2026 | ThreatsHub Cybersecurity News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#primaryimage"},"thumbnailUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltebc292e226150b93\/61cb52a52bc2e01034abfd12\/FalsePositive_Dzmitry_Dzemidovich_Alamy.jpg","datePublished":"2022-01-05T18:00:00+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#primaryimage","url":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltebc292e226150b93\/61cb52a52bc2e01034abfd12\/FalsePositive_Dzmitry_Dzemidovich_Alamy.jpg","contentUrl":"https:\/\/eu-images.contentstack.com\/v3\/assets\/blt66983808af36a8ef\/bltebc292e226150b93\/61cb52a52bc2e01034abfd12\/FalsePositive_Dzmitry_Dzemidovich_Alamy.jpg"},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/why-we-need-to-reframe-the-false-positive-problem\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"Why We Need To Reframe the False-Positive Problem"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services 
-Threat Intelligence Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44675","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=44675"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/44675\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=44675"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=44675"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=44675"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}