Regarding Elastic Defend integration auto updates. How frequently do these auto updates occur? How frequently are new threat detections updated?
Hello,
The protection artifacts that power Elastic Defend are continually updated to maintain a high efficacy against an evolving threat landscape. Some of these artifacts ship on fairly regular cadence, while others are more sporadic in response to emerging threats.
- PE and Mach-O malware models are updated once monthly
- Hash exception lists to mitigate model false positives are released daily (~Monday-Thursday)
- Behavioral rules are updated twice monthly
- YARA rules and ransomware protection are updated sporadically/as needed
- Global config, exceptions, and event filters are updated sporadically/as needed
Keep in mind that this is not completely rigid and we may ship more or less often as needed to maintain our efficacy and stability targets. Also worth noting, Elastic Defend checks for new updates once an hour by default.
Thank you!