Integration: security_detection_engine-1

Is this needed?

Elastic Endpoint seems to be working great without it, so I'm wondering why it's there and why I should assign it as an integration to my agents?

Hey @lamp123432, that integration will allow you to apply "out of band" rule updates to Elastic Security, instead of having to wait for the next release. It's not needed for Elastic Security or the Endpoint Security integration to function; it's there for convenience.

With @jamesspi's reply in mind, I would recommend that you enable those OOB updates if you're using the Security solution. We update prebuilt rules frequently to improve efficacy and reduce noise, in addition to new rules for emerging and other threats. Those things will still be available for manual installation and will show up in the next minor release, should you prefer those methods.

Hello, by OOB, you mean if a computer disconnects from the internet? Does this mean that without this integration, the PC becomes vulnerable if it becomes OOB?

Hey lamp123432,

No - out of band means released in between official minor releases.


Ah, different meaning in software development vs network : P

Thanks for the help!
