diff --git a/backend/routes/ivantiFpWorkflow.js b/backend/routes/ivantiFpWorkflow.js
index 7726b65..332abc5 100644
--- a/backend/routes/ivantiFpWorkflow.js
+++ b/backend/routes/ivantiFpWorkflow.js
@@ -859,31 +859,12 @@ function createIvantiFpWorkflowRouter(db, requireAuth) {
 
             const mapUrl = `/client/${encodeURIComponent(clientId)}/workflowBatch/falsePositive/${encodeURIComponent(mapUuid)}/map`;
 
-            // Map endpoint likely expects multipart/form-data like the create endpoint.
-            // Try both: first as JSON POST, fall back to multipart if that fails.
+            // Use multipart form (same format as the create endpoint)
+            const formFields = [{ name: 'subjectFilterRequest', value: buildSubjectFilterRequest(findingIds) }];
+
             let mapResult;
-            const mapBody = {
-                subject: 'hostFinding',
-                filterRequest: {
-                    filters: [{
-                        field: 'id',
-                        exclusive: false,
-                        operator: 'IN',
-                        value: findingIds.map(id => String(id)).join(',')
-                    }]
-                }
-            };
-
             try {
-                // Try JSON first
-                mapResult = await ivantiPost(mapUrl, mapBody, apiKey, skipTls);
-
-                // If JSON returns 500/415, retry as multipart form
-                if (mapResult.status === 500 || mapResult.status === 415) {
-                    console.log('[mapFindings] JSON POST returned', mapResult.status, '— retrying as multipart form');
-                    const formFields = [{ name: 'subjectFilterRequest', value: buildSubjectFilterRequest(findingIds) }];
-                    mapResult = await ivantiFormPost(mapUrl, formFields, [], apiKey, skipTls);
-                }
+                mapResult = await ivantiFormPost(mapUrl, formFields, [], apiKey, skipTls);
             } catch (networkErr) {
                 logAudit(db, {
                     userId: req.user.id, username: req.user.username,
@@ -897,7 +878,7 @@ function createIvantiFpWorkflowRouter(db, requireAuth) {
             if (mapResult.status !== 200 && mapResult.status !== 201 && mapResult.status !== 202) {
                 console.error('[mapFindings] Ivanti map failed — status:', mapResult.status, 'body:', (mapResult.body || '').substring(0, 500));
                 console.error('[mapFindings] Request URL:', mapUrl);
-                console.error('[mapFindings] Last attempt body/fields — JSON:', JSON.stringify(mapBody).substring(0, 300));
+                console.error('[mapFindings] Request fields:', JSON.stringify(formFields));
                 const errorMap = {
                     401: 'Ivanti API key is invalid or missing. Contact your administrator.',
                     419: 'API key lacks permissions for this operation.',
@@ -1064,10 +1045,13 @@ function createIvantiFpWorkflowRouter(db, requireAuth) {
 
                 const attachUrl = `/client/${encodeURIComponent(clientId)}/workflowBatch/falsePositive/${encodeURIComponent(attachUuid)}/attach`;
                 const attachmentResults = [];
+                console.log('[attachFiles] Uploading', files.length, 'files to', attachUrl);
 
                 for (const f of files) {
+                    console.log('[attachFiles] Uploading:', f.originalname, 'size:', f.size);
                     try {
                         const result = await ivantiMultipartPost(attachUrl, f.buffer, f.originalname, apiKey, skipTls);
+                        console.log('[attachFiles] Result for', f.originalname, '— status:', result.status);
                         const success = result.status === 200 || result.status === 201 || result.status === 202;
                         attachmentResults.push({ filename: f.originalname, success, ...(success ? {} : { error: `Upload failed: ${result.status}` }) });
                     } catch (uploadErr) {