Commit 38ff10c

Author: David Curwin
Fileless attack alerts deprecation
1 parent acecad1 commit 38ff10c

File tree

1 file changed

+19
-0
lines changed

articles/defender-for-cloud/upcoming-changes.md

Lines changed: 19 additions & 0 deletions
@@ -46,6 +46,25 @@ If you're looking for the latest release notes, you can find them in the [What's
4646
| [Deprecating two security incidents](#deprecating-two-security-incidents) | | November 2023 |
4747
| [Defender for Cloud plan and strategy for the Log Analytics agent deprecation](#defender-for-cloud-plan-and-strategy-for-the-log-analytics-agent-deprecation) | | August 2024 |
4848

49+
## Deprecation of fileless attack alerts
50+
51+
**Announcement date: April 18, 2024**
52+
53+
**Estimated date for change: May 2024**
54+
55+
In May 2024, to enhance the quality of security alerts for Defender for Servers, the fileless attack alerts specific to Windows and Linux virtual machines will be discontinued. These alerts will instead be generated by Defender for Endpoint:
56+
57+
- Fileless attack toolkit detected (VM_FilelessAttackToolkit.Windows)
58+
- Fileless attack technique detected (VM_FilelessAttackTechnique.Windows)
59+
- Fileless attack behavior detected (VM_FilelessAttackBehavior.Windows)
60+
- Fileless Attack Toolkit Detected (VM_FilelessAttackToolkit.Linux)
61+
- Fileless Attack Technique Detected (VM_FilelessAttackTechnique.Linux)
62+
- Fileless Attack Behavior Detected (VM_FilelessAttackBehavior.Linux)
63+
64+
All security scenarios covered by the deprecated alerts are fully covered Defender for Endpoint threat alerts.
65+
66+
If you already have the Defender for Endpoint integration enabled, there's no action required on your part. In May 2024 you might experience a decrease in your alerts volume, but still remain protected. If you don't currently have Defender for Endpoint integration enabled in Defender for Servers, you need to enable integration to maintain and improve your alert coverage. All Defender for Server customers can access the full value of Defender for Endpoint's integration at no additional cost. For more information, see [Enable Defender for Endpoint integration](enable-defender-for-endpoint.md).
67+
4968
## Change in CIEM assessment IDs
5069

5170
**Announcement date: April 16, 2024**
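Review bot: The upcoming-changes summary table that this hunk sits under (the context rows for "Deprecating two security incidents" and the Log Analytics agent deprecation) is not given a row for the new section, so readers who scan the table for planned changes will not see the fileless alert deprecation or its May 2024 date; add a row in the same format as the existing ones, e.g. `| [Deprecation of fileless attack alerts](#deprecation-of-fileless-attack-alerts) | | May 2024 |`. Two wording fixes in the added text: "All security scenarios covered by the deprecated alerts are fully covered Defender for Endpoint threat alerts." drops a word and should read "are fully covered by Defender for Endpoint threat alerts"; and "All Defender for Server customers" should be "Defender for Servers" to match the plan name used earlier in the same paragraph. Since the alert list mixes Windows and Linux alert types whose names differ only in capitalization, it would also help to state the alert type IDs in a consistent case or note that the display names are quoted as they appear in the portal.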
