Hello team,

We have a requirement where alerts originating from a specific reference set in QRadar, which are known to be 100% false positives, should be automatically closed through SOAR. To achieve this functionality, what objects need to be configured in SOAR? Are there any default playbooks available for this use case? If so, which app provides them? Or would we need to create a custom playbook to handle this scenario?
This will require a custom rule / playbook, but why is this not handled on the SIEM side? Such a case should be whitelisted in the use case / rule itself.