blumira-resolutionslisted

# Blumira Resolutions ## Overview Resolutions are the final disposition applied to findings when closing them. Choosing the correct resolution type is critical for accurate security metrics, detection tuning, and compliance reporting. ## Key Concepts ### Resolution Types | Code | Label | Description | When to Use | |------|-------|-------------|-------------| | 10 | Valid | Confirmed real threat | The finding represents a genuine security event. Action was taken (blocked, remediated, etc.) | | 20 | Not Applicable | Doesn't apply | The detection is correct but irrelevant to this environment (e.g., policy doesn't apply to test lab) | | 30 | False Positive | Incorrect detection | The detection fired incorrectly — the activity was benign | ### Impact on Metrics - **Valid** resolutions count toward your confirmed threat statistics - **False Positive** resolutions feed back into detection tuning — high FP rates indicate rules that need adjustment - **Not Applicable** resolutions help identify rules to disable for specific environments ## API Patterns ### List Available Resolutions ``` blumira_resolutions_list ``` Returns all resolution types with their codes, labels, and descriptions. ### Resolve a Finding ``` blumira_findings_resolve finding_id=<UUID> resolution_type=10 notes="Confirmed credential stuffing attack from IP 203.0.113.50. Account locked, password reset forced." ``` ### MSP Finding Resolution ``` blumira_msp_findings_resolve account_id=<UUID> f