Elastic Defend advanced settings #1445
Conversation
natasha-moore-elastic
added
the
Team:Experience
|
Thanks. I'll review this as soon as I can. @joe-desimone @gabriellandau @magermark @nfritts you may want to review also and/or mention this to others. |
|
|
||
| *A value of `false` disables cloud lookup for alerts. Default: `true`.* | ||
|
|
||
| Before blocking or alerting on malware files, {{elastic-endpoint}} reaches out to an Elastic cloud service ([https://cloud.security.elastic.co](https://cloud.security.elastic.co)) to see if the alert is a known false positive. Use this setting to disable this feature. Enabling or disabling this feature doesn't affect malware prevention's efficacy. |
There was a problem hiding this comment.
Before blocking or alerting on malware files, {{elastic-endpoint}} reaches out to an Elastic cloud service ([https://cloud.security.elastic.co](https://cloud.security.elastic.co)) to see if the alert is a known false positive. Use this setting to disable this feature. Disabling this feature may result in higher false positive rates.
|
|
||
| *A value of `false` disables malicious sample collection for alerts. Default: `true`.* | ||
|
|
||
| To help improve future malware detection, Elastic collects samples of unknown malware files for {{ecloud}} users by default. Use this setting to disable the sample collection. |
There was a problem hiding this comment.
To improve the efficacy of malware and reputation protections, Elastic collects samples of unknown malware files. Use this setting to disable the sample collection.
|
Hi @natasha-moore-elastic @ferullo |
|
I noticed the in-app help text is included along with additional information (which mirrors the format of the source Google doc). I wonder, now that this online documentation is being added, do we want to shorten the in-app text and provide a link to this page? Or merge the two types of documentation for each option here and then have the in-app text mirror that revised text? Something else? Just leave it as is? I'm up for doing a pass at updating this or the in-app text if you'd like to do any of those things. Otherwise I'm also happy to review this as it is. |
Resolves elastic/security-docs#2234 by documenting the Elastic Defend policy advanced settings in the Reference section.
The setting descriptions consist of the Kibana tooltip text (in italics) and, for most settings, an additional description. The Kibana tooltip text was kept because some settings don't have an additional description.
Preview: Elastic Defend advanced settings