From 6a6567cbf6d4dc62e09059882243a809e1d729ca Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Mon, 17 Mar 2025 12:40:28 -0700 Subject: [PATCH 1/2] Removes outdated section --- .../detection-engine-intro.asciidoc | 46 +------------------ 1 file changed, 1 insertion(+), 45 deletions(-) diff --git a/docs/detections/detection-engine-intro.asciidoc b/docs/detections/detection-engine-intro.asciidoc index f649a98a16..5607e31dab 100644 --- a/docs/detections/detection-engine-intro.asciidoc +++ b/docs/detections/detection-engine-intro.asciidoc 
@@ -84,52 +84,8 @@ In addition, the following support restrictions are in place: <> provides detailed information on all the permissions required to initiate and use the Detections feature. -[discrete] -[[malware-prevention]] -== Malware prevention - -Malware, short for malicious software, is any software program designed to damage or execute unauthorized actions on a -computer system. Examples of malware include viruses, worms, Trojan horses, adware, scareware, and spyware. Some -malware, such as viruses, can severely damage a computer's hard drive by deleting files or directory information. Other -malware, such as spyware, can obtain user data without their knowledge. - -Malware may be stealthy and appear as legitimate executable code, scripts, active content, and other software. It is also -often embedded in non-malicious files, non-suspicious websites, and standard programs — sometimes making the root -source difficult to identify. If infected and not resolved promptly, malware can cause irreparable damage to a computer -network. - -For information on how to enable malware protection on your host, see <>. - -[discrete] -[[machine-learning-model]] -=== Machine learning model - -To determine if a file is malicious or benign, a machine learning model looks for static attributes of files (without executing -the file) that include file structure, layout, and content. This includes information such as file header data, imports, exports, -section names, and file size. These attributes are extracted from millions of benign and malicious file samples, which then -are passed to a machine-learning algorithm that distinguishes a benign file from a malicious one. The machine learning -model is updated as new data is procured and analyzed. - -[discrete] -=== Threshold - -A malware threshold determines the action the agent should take if malware is detected. 
The Elastic Agent uses a recommended threshold level that generates a balanced number of alerts with a low probability of undetected malware. This threshold also minimizes the number of false positive alerts. - -[discrete] -[[ransomware-prevention]] -== Ransomware prevention - -Ransomware is computer malware that installs discreetly on a user's computer and encrypts data until a specified amount of money (ransom) is paid. Ransomware is usually similar to other malware in its delivery and execution, infecting systems -through spear-phishing or drive-by downloads. If not resolved immediately, ransomware can cause irreparable damage to an entire computer network. - -Behavioral ransomware prevention on the Elastic Endpoint detects and stops ransomware attacks on Windows systems by analyzing data from low-level system processes, and is effective across an array of widespread ransomware families — including those targeting the system’s master boot record. - -For information on how to enable ransomware protection on your host, see <>. - -NOTE: Ransomware prevention is a paid feature and is enabled by default if you have a https://www.elastic.co/pricing[Platinum or Enterprise license]. - [float] -=== Resolve UI error messages +== Resolve UI error messages Depending on your privileges and whether detection system indices have already been created for the {kib} space, you might get one of these error messages when you From 102b238b2161a27999ed7a6d941804db3f88da9a Mon Sep 17 00:00:00 2001 From: Benjamin Ironside Goldstein Date: Mon, 17 Mar 2025 13:10:28 -0700 Subject: [PATCH 2/2] removes broken link --- docs/getting-started/configure-integration-policy.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc index 08631f87c9..df46be01ed 100644 --- a/docs/getting-started/configure-integration-policy.asciidoc 
+++ b/docs/getting-started/configure-integration-policy.asciidoc @@ -55,7 +55,7 @@ to create a new trusted application, find **Trusted applications** in the naviga [[malware-protection]] == Malware protection -{elastic-defend} malware prevention detects and stops malicious attacks by using a <> +{elastic-defend} malware prevention detects and stops malicious attacks by using a machine learning model that looks for static attributes to determine if a file is malicious or benign. By default, malware protection is enabled on Windows, macOS, and Linux hosts.
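Review bot: In the detection-engine-intro.asciidoc hunk, deleting the anchors `[[malware-prevention]]`, `[[machine-learning-model]]` and `[[ransomware-prevention]]` will turn every remaining `<<...>>` cross-reference to them in the doc set into a broken link; the second commit repairs one such reference, so please grep the rest of the docs for those three anchor names before merging. The promotion of `=== Resolve UI error messages` to `== Resolve UI error messages` is the right follow-on now that its former parent sections are gone, and the hunk header (`-84,52 +84,8`) matches the 45 deletions and 1 insertion. Also consider making the commit message reflect that two top-level sections (malware and ransomware prevention) plus two subsections were removed, not one section.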
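Review bot: In the configure-integration-policy.asciidoc hunk, the replacement line drops the qualifier that the deleted section carried, namely that the model inspects static attributes "without executing the file"; since this hunk is now the only place that describes the model, suggest `+{elastic-defend} malware prevention detects and stops malicious attacks by using a machine learning model that looks for static file attributes (without executing the file)` so the distinction from behavioral protection is not lost. If the model description still exists elsewhere in the documentation, a cross-reference to that page would be preferable to inlining the summary here.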