I've discovered a false positive in the rule Suspicious JAVA Child Process (which is quite scary at this time of the year...) with the meeting software Jitsi that should affect some other people. Is there currently a way to report false positives to the detection engineering team, and how would Elastic currently implement them? E.g. through pre-populated exceptions for rules?
The issue type "Tune existing rule" on GitHub explicitly states: "Suggestion for logic changes to an existing rule". To me this sounds like you're currently not looking for individual false positive reports?
The gist of it: the Jitsi Video Bridge (JVB) component spawns bash commands at startup. This is picked up by the detection engine as follows: