adds promoted endpoint events
Ben Skelker committed Aug 3, 2020
1 parent 8b62604 commit 64eb7e7
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions docs/siem/detections/detection-engine-intro.asciidoc
@@ -30,6 +30,12 @@ There are two special prebuilt rules you need to know about:
Elastic Endpoint alerts. To receive Elastic Endpoint alerts, you must install
the Endpoint agent on your hosts (BEN: see xref).
+
When this rule is enabled, the following Endpoint events are displayed as
detection alerts:
+
** Malware Prevention Alert
** Malware Detection Alert
+
NOTE: When you load the prebuilt rules, this is the only rule that is enabled
by default.
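
Review bot: the added sentence "the following Endpoint events are displayed as detection alerts" and its two items (Malware Prevention Alert, Malware Detection Alert) do not say whether the list is complete or how the two events differ, so a reader cannot tell whether other Endpoint events are expected to stay out of the alerts view. Suggest stating that these are the only promoted events if that is the case, or adding a one-line description per item. The nested `**` items follow a `+` continuation, which is worth checking in a rendered build to confirm they nest under the rule's list item as intended. The context line just above the addition still carries the author placeholder "(BEN: see xref)", which this change leaves in place; it should be resolved to a real cross-reference before the page is published.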
