I concern gateway devices in Tuning Parameters.
If it is enabled, what can it detect?
Why does it increase false positive?
Can I see the detections in Detection Catalog?
By default, gateway devices are ignored by rules-based detections because they can result in redundant or frequent detections.
Select this option to identify potential issues with gateway devices such as your firewalls, routers, and NAT gateways.