QUESTION

We are getting false positive alerts from the IP address 34.203.203.23, which is listed in Panther's Sunburst IP range from a few years back. How do I resolve this or remove this IP address from the Sunburst IP range list?

ANSWER

The Sunburst IOC rule is deprecated and should be disabled. Please disable the Sunburst IOC detections in your Panther Console. See Panther’s documentation on Detection Packs for more information on disabling packs.