Getting started: Behavioral Detection Engine

The Behavioral Detection Engine (BDE) uses a behavioral detection policy, which is aligned with the MITRE framework, to send detection rules to your users’ devices. According to the detection rules, alerts are raised based on the alert threshold, and remediation steps take place automatically. The BDE eases the burden of configuring and managing CylanceOPTICS when compared to using the legacy rule sets.
In the Cylance console, you can create the detection policy, where you configure the alert threshold and the automated remediation steps according to the response threshold. After you configure the BDE policy, you must link it to a device policy and apply the device policy to devices within your organization. This guide provides an overview of the BDE policy and explains how to link it with a device policy, manage BDE policy content updates, review alerts, and create exceptions. It also includes guidance and best practices for how to start using BDE and recommendations related to automated responses.
If you are an existing CylanceOPTICS customer using legacy rule sets, it is recommended that you migrate from using legacy rule sets to BDE policies. For more information, see the Behavioral Detection Engine Migration Guide.