How do I classify a Push detection?

You can record the outcome of a detection investigation by classifying detections on the Detections page in the Push admin console.

You can apply classifications via the admin console or the Push REST API.

Classification options are:

  • Not classified: This is the default state.

  • True positive: Use for detections that are confirmed malicious, such as an actual phishing attack.

  • Benign true positive: Use for detections that are accurate but not malicious, such as a penetration test or phishing simulation.

  • False positive: Use for detections that were triggered in error and are not malicious.

To apply a classification using the admin console, go to the detection on the Detections page and open the details slideout. Then use the dropdown to choose a classification.

Detections classification slideout option - KB 10137

You can also bulk-apply classifications. Select the detections you wish to classify from the Detections page, then go to Bulk actions > Set classification.

Detection classification bulk action - KB 10137

You can also use the API to apply classifications, and Push webhooks to get alerted when a classification has been set or changed.