Is there any link with the rules description and rules ID for the Sophos Optix alerts? I've been looking in the official documentation but was not able to find anything related to the rules information.
Also, is there any documentation related to how the platform handles False Positives?
If you click on the alert it will bring up a pane that details why it is hitting and what you need to do to remediate it.
If you think there is a FP - post the details here or contact support.
Program Manager, Support Readiness | CISSP | Sophos Technical Support