docs/management/admin/endpoint-protection-rules.asciidoc
Lines changed: 12 additions & 12 deletions
@@ -14,30 +14,30 @@ When endpoint protection rules are triggered, {elastic-endpoint} alerts are disp
14
14
[[endpoint-sec-rule]]
15
15
== Endpoint Security rule
16
16
17
-
The Endpoint Security rule automatically creates an alert from all incoming {elastic-endpoint} alerts.
17
+
The <<endpoint-security-elastic-defend>> rule automatically creates an alert from all incoming {elastic-endpoint} alerts.
18
18
19
-
NOTE: When you install Elastic prebuilt rules, the {elastic-defend} is enabled by default.
19
+
NOTE: When you install Elastic prebuilt rules, the Endpoint Security ({elastic-defend}) rule is enabled by default.
20
20
21
21
[discrete]
22
22
[[feature-protection-rules]]
23
23
== Feature-specific protection rules
24
24
25
25
The following endpoint protection rules give you more granular control over how you handle the generated alerts. These rules are tailored for each of {elastic-defend}'s endpoint protection features—malware, ransomware, memory threats, and malicious behavior. Enabling these rules allows you to configure more specific actions based on the protection feature and whether the malicious activity was prevented or detected.
26
26
27
-
* Behavior - Detected - {elastic-defend}
28
-
* Behavior - Prevented - {elastic-defend}
29
-
* Malicious File - Detected - {elastic-defend}
30
-
* Malicious File - Prevented - {elastic-defend}
31
-
* Memory Signature - Detected - {elastic-defend}
32
-
* Memory Signature - Prevented - {elastic-defend}
33
-
* Ransomware - Detected - {elastic-defend}
34
-
* Ransomware - Prevented - {elastic-defend}
27
+
* <<behavior-detected-elastic-defend>>
28
+
* <<behavior-prevented-elastic-defend>>
29
+
* <<malicious-file-detected-elastic-defend>>
30
+
* <<malicious-file-prevented-elastic-defend>>
31
+
* <<memory-threat-detected-elastic-defend>>
32
+
* <<memory-threat-prevented-elastic-defend>>
33
+
* <<ransomware-detected-elastic-defend>>
34
+
* <<ransomware-prevented-elastic-defend>>
35
35
36
-
NOTE: If you choose to use the feature-specific protection rules, we recommend that you disable the Endpoint Security rule, as using both will result in duplicate alerts.
36
+
NOTE: If you choose to use the feature-specific protection rules, we recommend that you disable the Endpoint Security ({elastic-defend}) rule, as using both will result in duplicate alerts.
37
37
38
38
To use these rules, you need to manually enable them from the **Rules** page in the {security-app}. Follow the instructions for <<load-prebuilt-rules,installing and enabling Elastic prebuilt rules>>.
39
39
40
40
[discrete]
41
41
== Endpoint security exception handling
42
42
43
-
All endpoint protection rules share a common exception list called the Endpoint Security Exception List. This ensures that if you switch between using the Endpoint Security rule and the feature-specific protection rules, your existing <<endpoint-rule-exceptions, {elastic-endpoint} exceptions>> continue to apply.
43
+
All endpoint protection rules share a common exception list called the Endpoint Security Exception List. This ensures that if you switch between using the Endpoint Security ({elastic-defend}) rule and the feature-specific protection rules, your existing <<endpoint-rule-exceptions, {elastic-endpoint} exceptions>> continue to apply.
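Review bot: the nine new cross-references (`<<endpoint-security-elastic-defend>>` at line 17 and the eight `<<...-elastic-defend>>` list items at lines 27-34) point at anchors that are not defined anywhere in this hunk, and the only anchor this file defines for the rule is `[[endpoint-sec-rule]]` at line 14, so please confirm each target exists in the docs set (presumably the prebuilt rule reference pages) or the Asciidoctor build will emit unresolved-xref warnings and render the links as bare anchor names. Two smaller points in the same hunk: the "Memory Signature" items are renamed to `memory-threat-*` in the xrefs, which matches the "memory threats" wording in line 25 but is a user-visible rename worth calling out in the commit message; and line 17 links the rule name while lines 19, 36 and 43 use the plain "Endpoint Security ({elastic-defend}) rule" wording, which is fine for a first-mention link but should be a deliberate choice rather than an oversight.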