False positives are a major problem in security monitoring, causing higher costs and distraction. When following money flows in REMEDYNE the tool will apply rules that are – generally applicable. Best practices or your own rules, but no rule without exception. Your organization maybe has automated processes and therefore certain events are ok if performed like that, e.g. Segregation of Duties (SOD) rules might not apply in certain cases. Or inter-company transactions are considered as safe.
For SOD rules, the user in SAP might indicate that a technical user, used for automation, was performing activities, and therefore certain transactions can be considered safe. For inter-company one can white-list accounts known to be low risk, like inter-company transactions with vendors from the same group.
REMEDYNE has improved how you can define exceptions to the rules in our latest release, and we recommend reading about this here and define and apply rules to reduce your number of findings.