From 64eb7e79a71650553146244ee56c85ffc95d99c8 Mon Sep 17 00:00:00 2001 From: Ben Skelker Date: Mon, 3 Aug 2020 19:15:55 +0300 Subject: [PATCH] adds promoted endpoint events --- docs/siem/detections/detection-engine-intro.asciidoc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/siem/detections/detection-engine-intro.asciidoc b/docs/siem/detections/detection-engine-intro.asciidoc index 35dd24d09a..9968e24c92 100644 --- a/docs/siem/detections/detection-engine-intro.asciidoc +++ b/docs/siem/detections/detection-engine-intro.asciidoc @@ -30,6 +30,12 @@ There are two special prebuilt rules you need to know about: Elastic Endpoint alerts. To receive Elastic Endpoint alerts, you must install the Endpoint agent on your hosts (BEN: see xref). + +When this rule is enabled, the following Endpoint events are displayed as +detection alerts: ++ +** Malware Prevention Alert +** Malware Detection Alert ++ NOTE: When you load the prebuilt rules, this is the only rule that is enabled by default.
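Review bot: The added block starts with an empty line (`+` then nothing) right after the list item's text, and in AsciiDoc a blank line ends the list item, so "When this rule is enabled, the following Endpoint events are displayed as detection alerts:" and the `** Malware Prevention Alert` / `** Malware Detection Alert` nested items will most likely render as a separate top-level paragraph and list rather than as part of this rule's entry under "There are two special prebuilt rules you need to know about"; the lone `+` continuation lines before the `**` items and before `NOTE:` do not fix that because the `+` has to directly follow the list item's principal text. Replace the blank line with a `+` continuation (or drop the blank line) and check the rendered output, since the NOTE "this is the only rule that is enabled by default" also depends on staying attached to the same item. Two smaller points in the same hunk: the unchanged context line still carries the author placeholder "(BEN: see xref)", which should be replaced with the real cross-reference to the Endpoint installation docs before this is merged; and the two items are named "... Alert" while the sentence introduces them as "Endpoint events", so either call them the events they are promoted from or say "the following Endpoint alerts are promoted to detection alerts" to match the commit subject.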