What do you mean with false positive ?
A rogue AP is an AP in your physical environment that doesn't belong to you. So the alerts are probably not false positive.
It's not WCS that does the detection, it's the WLCs.
If they hear an AP that does not belong to that WLC or any other WLC in the rf domain, then it's a rogue.
You then have rogue classification rules since sw version 5.x so you can say "rogues broadcasting the SSID Hotel are actually ok, they are friendly rogues".
From there, what is classified as malicious rogue can be contained, i.e. your APs can send deauthentication frames to it.
To detect if a rogue AP is connected to your network, you need to have enable RLDP (rogue location discovery protocol) on the WLCs. Your APs will then associate to the rogues (if their ssid is open) and send special frames.
You then need an AP in "rogue detector" mode on your network to pickup that frame and see if the rogue is a wired rogue.
Switchport tracing requires you to "manage" the switches from WCS.