I do not see it documented anywhere but my assumption is the "Prebuilt Security Detection Rules" integration is there so we can install the assets in Elasticsearch and not actually add this integration to policies?
Can someone tell me if this should be added to policies and why?
Heya @ARDiver86 
, that's a great question, let me try to resolve the confusion.
TL;DR: you don't need to add the "Prebuilt Security Detection Rules" integration to any agent policies; it's only used for shipping assets (in this case - prebuilt detection rules).
Prebuilt detection rules that you can install in Security Solution are being developed in GitHub - elastic/detection-rules: Rules for Elastic Security's detection engine. As part of their release process, a few times per each Kibana release Elastic packages them to a "Prebuilt Security Detection Rules" fleet package and publishes it to the official Elastic Package Registry. Once that happens, the updated rules become available in Fleet/Integrations as the "Prebuilt Security Detection Rules" integration.
A few details about it:
Let me know if this clears it up.
I kind of figured it wouldn't need to be added but it does let you, so I was just trying to make sure there wasn't something I was missing. Thank you for the explanation!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.