Elastic Defend advanced settings #1445
Thanks. I'll review this as soon as I can. @joe-desimone @gabriellandau @magermark @nfritts you may want to review also and/or mention this to others.
|
||
*A value of `false` disables cloud lookup for alerts. Default: `true`.* | ||
|
||
Before blocking or alerting on malware files, {{elastic-endpoint}} reaches out to an Elastic cloud service ([https://cloud.security.elastic.co](https://cloud.security.elastic.co)) to see if the alert is a known false positive. Use this setting to disable this feature. Enabling or disabling this feature doesn't affect malware prevention's efficacy. |
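Review bot: The description names the cloud service that {{elastic-endpoint}} contacts but does not say what is sent in the lookup or what the endpoint does when the service is unreachable. Readers deciding whether to set this to `false` on restricted networks need both, so consider adding a sentence for each. The tooltip also scopes the setting to "alerts" while the description says "malware files"; use one term in both places.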
Before blocking or alerting on malware files, {{elastic-endpoint}} reaches out to an Elastic cloud service ([https://cloud.security.elastic.co](https://cloud.security.elastic.co)) to see if the alert is a known false positive. Use this setting to disable this feature. Disabling this feature may result in higher false positive rates.
|
||
*A value of `false` disables malicious sample collection for alerts. Default: `true`.* | ||
|
||
To help improve future malware detection, Elastic collects samples of unknown malware files for {{ecloud}} users by default. Use this setting to disable the sample collection. |
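Review bot: The tooltip gives `true` as the default with no qualifier, while the description says samples are collected "for {{ecloud}} users by default". State whether the default also applies to deployments outside {{ecloud}}, and say what is uploaded when a sample is collected, so readers can judge the data-handling impact before leaving the setting enabled.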
To improve the efficacy of malware and reputation protections, Elastic collects samples of unknown malware files. Use this setting to disable the sample collection.
Hi @natasha-moore-elastic @ferullo
I noticed the in-app help text is included along with additional information (which mirrors the format of the source Google doc). I wonder, now that this online documentation is being added, do we want to shorten the in-app text and provide a link to this page? Or merge the two types of documentation for each option here and then have the in-app text mirror that revised text? Something else? Just leave it as is? I'm up for doing a pass at updating this or the in-app text if you'd like to do any of those things. Otherwise I'm also happy to review this as it is.
Resolves elastic/security-docs#2234 by documenting the Elastic Defend policy advanced settings in the Reference section.
The setting descriptions consist of the Kibana tooltip text (in italics) and, for most settings, an additional description. The Kibana tooltip text was kept because some settings don't have an additional description.
Preview: Elastic Defend advanced settings