Currently, in 11.3 Active Threat Analytics are same types of threats / cases being created by the system which user need to close it manually. e.g. Core banking Application is using different source application, IBM Guardium Threat analytics says "high volume of data extraction activity taken place" and this same type of alert / threat is being generated again and again although its normal behavior of application.
We want, there should be some type of enhancement that give user authenticity to whitelist that particular threat. Once we have whitelist the threat that particular threat should not be appeared again.
Do not place IBM confidential, company confidential, or personal information into any field.