Intel Security SNS ProTip for SIEM: How to submit a SIEM GTI feed false positive

Version 1

    If there is suspicion that the SIEM GTI feed is misreporting an IP address then there is a process that can be followed to submit it as a false positive. KB84925 ( goes over some basic information on Global Threat Intelligence on the SIEM platform and describes how to submit samples. Please contact support if you have any questions not addressed in the article.


    For more resources, visit the ServicePortal ( and search for related content. Also, visit the McAfee SIEM Community (


    SNS ProTips help you maximize your protection with troubleshooting, best practices, how-to tips, and links to Knowledge Center resources. To unsubscribe from ProTips or change your SNS settings, visit the SNS Subscription Center.