About the Behavioral Detection Engine

The Behavioral Detection Engine (BDE) introduces a new, groundbreaking experience for managing CylanceOPTICS detection rules. The BDE simplifies the administration of detection rules and deployments, and includes a set of new detection rules that have been tuned and vetted by our Threat Intelligence team to protect our customers while lessening alert fatigue by limiting alert noise. The BDE also introduces observations: the collection of telemetry data for events that occur below the alert threshold configured for your devices.
The BDE has an improved and streamlined process for managing and deploying detection rules. With alert thresholding and observations, the BDE can enforce policies with a much lower level of noise without missing important data that may be hiding in low-efficacy signals. The new experience for managing exceptions allows you to define the conditions once, and then assign the exception to devices using flexible assignment criteria such as a global assignment, zones, or device policies. This removes the need to duplicate the exception for each policy in your tenant.
This guide highlights some key considerations to help administrators who are already using legacy rulesets transition to the BDE. You can also review the Behavioral Detection Engine Getting Started Guide, which includes best practices information.