Commit
Samirbous committed Dec 19, 2024
1 parent d343994 commit e1b565d
Showing 8 changed files with 15 additions and 15 deletions.
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for memory signatu
allows you to immediately begin investigating your Endpoint memory signature alerts. This rule identifies Elastic Defend
memory signature detections only, and does not include prevention alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
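Review bot: flipping `enabled` from true to false makes this feature-specific rule opt-in on a fresh install, and the notes further down in this same file tell users to enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule to avoid duplicate alerts. Please confirm in the commit description that the Endpoint Security rule (UUID 9a1a2dae-0b5f-4c3d-8305-a268d404c306) stays enabled by default so coverage of `logs-endpoint.alerts-*` does not silently drop to nothing, and bump the rule's `updated_date` metadata if this repository requires it for content changes (not visible in this hunk).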
@@ -99,7 +99,7 @@ Memory Threat - Prevented - Elastic Defend (UUID: 06f3a26c-ea35-11ee-a417-f661ea
Ransomware - Detected - Elastic Defend (UUID: 0c74cd7e-ea35-11ee-a417-f661ea17fbce)
Ransomware - Prevented - Elastic Defend (UUID: 10f3d520-ea35-11ee-a417-f661ea17fbce)
To avoid creation of duplicate alerts, all rules mentioned above or the Elastic Defend rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) should be enabled.
To avoid generating duplicate alerts, you should enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306).
### Additional notes
This rule is configured to generate more **Max alerts per run** than the default 1000 alerts per run set for all rules. This is to ensure that it captures as many alerts as possible.
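Review bot: the reworded sentence is clearer, but now that `enabled = false` is the shipped default for this rule, the note should say so; otherwise a reader who picks the "enable all feature-specific protection rules" branch will not know these rules have to be switched on manually. Suggest appending a sentence along the lines of: "The feature-specific rules, including this one, are disabled by default; enable them only if you choose not to use the Endpoint Security rule."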
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for memory signatu
allows you to immediately begin investigating your Endpoint memory signature alerts. This rule identifies Elastic Defend
memory signature preventions only, and does not include detection only alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
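Review bot: style, on the unchanged description context "does not include detection only alerts": hyphenate as "detection-only alerts" so it cannot be read as "detection" and "only alerts"; the same phrase appears in the other Prevented rules touched by this commit, so fix it in all of them together.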
@@ -98,7 +98,7 @@ Memory Threat - Prevented - Elastic Defend (UUID: 06f3a26c-ea35-11ee-a417-f661ea
Ransomware - Detected - Elastic Defend (UUID: 0c74cd7e-ea35-11ee-a417-f661ea17fbce)
Ransomware - Prevented - Elastic Defend (UUID: 10f3d520-ea35-11ee-a417-f661ea17fbce)
To avoid creation of duplicate alerts, all rules mentioned above or the Elastic Defend rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) should be enabled.
To avoid generating duplicate alerts, you should enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306).
### Additional notes
This rule is configured to generate more **Max alerts per run** than the default 1000 alerts per run set for all rules. This is to ensure that it captures as many alerts as possible.
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for malicious beha
allows you to immediately begin investigating your Endpoint behavior alerts. This rule identifies Elastic Defend
behavior detections only, and does not include prevention alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
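Review bot: this file only flips `enabled`, whereas the other seven files in the commit also replace the "To avoid creation of duplicate alerts ..." sentence with the reworded version. If this rule's notes carry the same sentence, apply the identical rewording here so the eight rules stay consistent; if this rule intentionally has no such section, disregard.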
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for malicious beha
allows you to immediately begin investigating your Endpoint behavior alerts. This rule identifies Elastic Defend
behavior preventions only, and does not include detection only alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
@@ -83,7 +83,7 @@ Memory Threat - Prevented - Elastic Defend (UUID: 06f3a26c-ea35-11ee-a417-f661ea
Ransomware - Detected - Elastic Defend (UUID: 0c74cd7e-ea35-11ee-a417-f661ea17fbce)
Ransomware - Prevented - Elastic Defend (UUID: 10f3d520-ea35-11ee-a417-f661ea17fbce)
To avoid creation of duplicate alerts, all rules mentioned above or the Elastic Defend rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) should be enabled.
To avoid generating duplicate alerts, you should enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306).
### Additional notes
This rule is configured to generate more **Max alerts per run** than the default 1000 alerts per run set for all rules. This is to ensure that it captures as many alerts as possible.
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for malicious file
you to immediately begin investigating your Endpoint malicious file alerts. This rule identifies Elastic Defend
malicious file detections only, and does not include prevention alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
@@ -91,7 +91,7 @@ Memory Threat - Prevented - Elastic Defend (UUID: 06f3a26c-ea35-11ee-a417-f661ea
Ransomware - Detected - Elastic Defend (UUID: 0c74cd7e-ea35-11ee-a417-f661ea17fbce)
Ransomware - Prevented - Elastic Defend (UUID: 10f3d520-ea35-11ee-a417-f661ea17fbce)
To avoid creation of duplicate alerts, all rules mentioned above or the Elastic Defend rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) should be enabled.
To avoid generating duplicate alerts, you should enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306).
### Additional notes
This rule is configured to generate more **Max alerts per run** than the default 1000 alerts per run set for all rules. This is to ensure that it captures as many alerts as possible.
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for malicious file
you to immediately begin investigating your Endpoint malicious file alerts. This rule identifies Elastic Defend
malicious file preventions only, and does not include detection only alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
@@ -90,7 +90,7 @@ Memory Threat - Prevented - Elastic Defend (UUID: 06f3a26c-ea35-11ee-a417-f661ea
Ransomware - Detected - Elastic Defend (UUID: 0c74cd7e-ea35-11ee-a417-f661ea17fbce)
Ransomware - Prevented - Elastic Defend (UUID: 10f3d520-ea35-11ee-a417-f661ea17fbce)
To avoid creation of duplicate alerts, all rules mentioned above or the Elastic Defend rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) should be enabled.
To avoid generating duplicate alerts, you should enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306).
### Additional notes
This rule is configured to generate more **Max alerts per run** than the default 1000 alerts per run set for all rules. This is to ensure that it captures as many alerts as possible.
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for ransomware are
to immediately begin investigating your Endpoint ransomware alerts. This rule identifies Elastic Defend ransomware
detections only, and does not include prevention alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
@@ -81,7 +81,7 @@ Memory Threat - Prevented - Elastic Defend (UUID: 06f3a26c-ea35-11ee-a417-f661ea
Ransomware - Detected - Elastic Defend (UUID: 0c74cd7e-ea35-11ee-a417-f661ea17fbce)
Ransomware - Prevented - Elastic Defend (UUID: 10f3d520-ea35-11ee-a417-f661ea17fbce)
To avoid creation of duplicate alerts, all rules mentioned above or the Elastic Defend rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) should be enabled.
To avoid generating duplicate alerts, you should enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306).
### Additional notes
This rule is configured to generate more **Max alerts per run** than the default 1000 alerts per run set for all rules. This is to ensure that it captures as many alerts as possible.
Original file line number Diff line number Diff line change
@@ -14,7 +14,7 @@ Generates a detection alert each time an Elastic Defend alert for ransomware are
to immediately begin investigating your Endpoint ransomware alerts. This rule identifies Elastic Defend ransomware
preventions only, and does not include detection only alerts.
"""
enabled = true
enabled = false
from = "now-10m"
index = ["logs-endpoint.alerts-*"]
interval = "5m"
@@ -82,7 +82,7 @@ Memory Threat - Prevented - Elastic Defend (UUID: 06f3a26c-ea35-11ee-a417-f661ea
Ransomware - Detected - Elastic Defend (UUID: 0c74cd7e-ea35-11ee-a417-f661ea17fbce)
Ransomware - Prevented - Elastic Defend (UUID: 10f3d520-ea35-11ee-a417-f661ea17fbce)
To avoid creation of duplicate alerts, all rules mentioned above or the Elastic Defend rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306) should be enabled.
To avoid generating duplicate alerts, you should enable either all feature-specific protection rules or the Endpoint Security (Elastic Defend) rule (UUID: 9a1a2dae-0b5f-4c3d-8305-a268d404c306).
### Additional notes
This rule is configured to generate more **Max alerts per run** than the default 1000 alerts per run set for all rules. This is to ensure that it captures as many alerts as possible.