Malware - Prevented - Elastic Endpoint

Elastic Endpoint prevented Malware. Click the Elastic Endpoint icon in the event.module column or the link in the rule.reference column in the External Alerts tab of the SIEM Detections page for additional information.

Rule indices:

  • endgame-*

Severity: high

Risk score: 73

Runs every: 10 minutes

Searches indices from: now-660s (Date Math format, see also Additional look-back time)

Maximum signals per execution: 100

Tags:

  • Elastic
  • Endpoint

Rule version: 1

Added (Elastic Stack release): 7.6.0

Rule query

event.kind:alert and event.module:endgame and
event.action:file_classification_event and
endgame.metadata.type:prevention
