Update rules/integrations/endpoint/execution_elastic_malicious_file_prevented.toml

Co-authored-by: Terrance DeJesus <[email protected]>
Samirbous and terrancedejesus authored Dec 18, 2024
1 parent a424067 commit 7e6dbcf
Showing 1 changed file with 0 additions and 1 deletion.
Expand Up @@ -30,7 +30,6 @@ Elastic Endpoint malware protection leverages a combination of supervised machin
Files are scanned on write or deletion, process executables are scanned on executions and libraries are scanned on load. You can differentiate these types by looking at the `event.action` field in the alert. It can be execution, `load`, `creation`, `modification`, or `deletion`. Scanning files written to disk is best effort, while execution or load scanning is done ‘in-line’ for true prevention.
### Possible investigation steps
- For machine learning (ML) malware alerts the `file.Ext.malware_classification.score` and `file.Ext.malware_classification.version` fields indicate which model version was used to classify the file and the classification score (0 to 1).
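Review bot: in the first context line the `event.action` value list is inconsistently formatted: execution is plain text while `load`, `creation`, `modification`, and `deletion` are in backticks; since this hunk already touches this paragraph, wrap it as `execution` and replace the curly quotes in ‘in-line’ with straight quotes. In the investigation-steps bullet the fields are named in the order `file.Ext.malware_classification.score`, then `.version`, but the explanation describes the model version first and the score second; reorder one of the two so they match. Finally, the header `@@ -30,7 +30,6 @@` and the summary (0 additions, 1 deletion) say one line was removed, but no removed line is visible in the rendered hunk, and the commit message only names the file; it should say what was deleted so the change is reviewable from the message alone.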

0 comments on commit 7e6dbcf
