Managing detection rule updates

Cylance continues to develop CylanceOPTICS detection rules for new and emerging threats. To streamline the time to value, and to minimize the overhead required to benefit from the new rules, we have automated the deployment process.
When updates are available for detection rules, a notification appears in the Cylance console on the CylanceOPTICS > Behavioral Detection Engine screen.
[Screenshot: the BDE screen showing that content updates are available]
You can click the notification to view the details of each available update. You can expand each update to view its changes, grouped by detection technique. Knowledge base (KB) articles are available for some of the updates and provide more information.
[Screenshot: a list of BDE content updates]
[Screenshot: the details of a BDE content update]
As soon as an update is available, the new rules are automatically pushed to devices according to the BDE policy that is already assigned to those devices. Until you accept the rules, they operate in Alert Only mode, so users and devices are not impacted by false positives from rules that have not yet been tuned. This allows administrators to observe the performance and impact of the new rules, and provides an opportunity to tune them or create exceptions before accepting and enforcing them. Enforcement means that any defined automated responses are applied when a detection rule is triggered.
If business continuity issues arise at any point during enforcement, you can change the BDE policy back to Alert Only mode. Administrators can then review alerts and tune their environments without impacting users before enforcing the rules again.