Streamlined False Positive & False Negative Reporting - Directly to Our Analysis Team

There are moments every server admin dreads. Like when your security tool blocks a file that you know is safe, and when you find a suspicious file that your tool missed entirely.

False positives are frustrating disruptions that can break a site and create support tickets, while false negatives cause a nagging uncertainty that leaves you wondering what else might be lurking undetected. In both cases, you want to report it because you want the system to get smarter.

But previously, submitting a file for analysis might have felt like sending it into a black hole. You do your part, but you never find out what happens next. Was it reviewed? Was it a true threat? Could it be included in the next signature update?

Now, we’re changing that.

Your Feedback Deserves a Response

Here at Imunify, we see security as a partnership. Our security analysts, automated systems, and threat intelligence network are on patrol 24/7, but you, as the expert on the ground, provide us with invaluable insights when you report issues. That’s why we’re introducing an improved way to submit false positives and false negatives directly to our analysis team: a new command-line submission tool.

Why This Matters:

• For You: No more guessing. Submit a file and use the same tool to check its status and see the final verdict from our analysis team. For admins dealing with an occasional false positive, this provides a clear path to a resolution.
• For Everyone: Every valid submission contributes to a stronger defense network by helping us refine our signatures. When you report a valid false negative, you help us write the rules to detect that threat on millions of other servers. When you report a valid false positive, you help us reduce noise and disruptions for the entire community.

How to Get Started:

The new process is handled via a command-line script, designed for server administrators who want a quick and automatable way to interact directly with our systems.

1. Prerequisites

Before you begin, please ensure your server meets the following requirements:

• Imunify360 v6.7.3+: Follow the update instructions if you are on an earlier version
• jq JSON processor: 
  • If not installed, you can add it with: yum install jq -y
  • Might also need to install jq dependencies:

• Root privileges: The script requires root access to function correctly.

2. Preparations

There is one quick step to get the tool ready:

• Create an API Token: You'll need an API key to authenticate. Navigate to cm.imunify.com/#/tokens, log in with your Imunify/CLN account credentials, then click "Create API key" to generate a new key. This key can be used across all your servers.

3. How to Use the Tool

The script uses environment variables to pass arguments. You can always see the latest options with the --help flag.

To Submit a File (--post)

Use the --post (or -p) flag to submit a file. You'll need to provide the FILE_PATH, the REASON (false_positive or false_negative), and your API_TOKEN. You can also add an optional NOTE for context, like a support ticket number.

Example of submitting a false negative:

The system will respond with a unique _id for your submission, which you can use to track it.

To Check Submission Status (--get)

Use the --get (or -g) flag to fetch the status of your submissions. You can filter by SUBMISSION_ID, NOTE, FILE_PATH, and other parameters.

Example of fetching results using the note from the previous submission:

The response will include a verdicts section. If the section is empty, the file is still being processed. If it contains data, you will see the final verdict from our analysts, including the date and any comments.

Example response with a verdict:

This improved process is a key step in providing you with the transparency you deserve. We look forward to your feedback as we continue to work together to make Imunify360's protection more precise and effective. Please reach out to our support team if you have any questions or feedback