Behavioral Detection Engine features
The following is a list of features and improved experiences included with the BDE:
- Refreshed content library: A fully redesigned detection rules library that focuses on maximum coverage across MITRE ATT&CK and high-efficacy threat identification.
- MITRE metadata tagging: Events are automatically tagged with MITRE tactics and techniques, enabling faster, more targeted threat investigations and richer AI summaries.
- Observation rules: The new observation rule type and alert thresholding ensure that high-value telemetry is collected without raising unnecessary alerts. This lets the BDE enforce policies with far less noise, without missing important data that may be hiding in a low-efficacy signal.
- Streamlined exception management: A new experience for managing exceptions that is decoupled from policy and centrally managed across the environment, at any scope such as tenant, zone, policy, or device.
- Easier to maintain: Simplified AI-assisted workflows in the Alerts View make it easier to tune exceptions with minimal overhead.
- Automated updates to detection rules: Delivers frictionless updates to detection rules libraries, reducing operational risks.
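To make the observation-rule, thresholding, MITRE-tagging and scoped-exception ideas in the list above concrete, here is an added illustrative model. It is not the BDE's own code or configuration: the rule names, technique IDs, event fields, thresholds, device names and sample events are all constructed for the example. An observation rule (threshold `None`) records tagged telemetry but never alerts on its own; a thresholded rule alerts once per device when its hit count reaches the threshold; an exception is a set of fields (device, rule, and so on) that must all match, and it is evaluated independently of any policy.

```python
"""Illustrative observation-rule / alert-threshold engine.

Added example only; NOT the Behavioral Detection Engine's implementation.
Rule names, technique IDs, event fields, thresholds and devices are assumed.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Callable, Optional


@dataclass
class Rule:
    name: str
    technique: str                    # MITRE ATT&CK technique ID attached to every hit (assumed)
    match: Callable[[dict], bool]     # predicate over one telemetry event
    threshold: Optional[int]          # hits per device before alerting; None = observe only


@dataclass
class Engine:
    rules: list
    exceptions: list = field(default_factory=list)   # each exception: fields that must all match
    observations: list = field(default_factory=list) # every rule hit, tagged, alert or not
    alerts: list = field(default_factory=list)
    counts: dict = field(default_factory=lambda: defaultdict(int))

    def _excepted(self, rule: Rule, event: dict) -> bool:
        """An exception applies when every field it names matches the event or the rule name."""
        subject = {**event, "rule": rule.name}
        return any(all(subject.get(k) == v for k, v in exc.items()) for exc in self.exceptions)

    def process(self, event: dict) -> None:
        for rule in self.rules:
            if not rule.match(event) or self._excepted(rule, event):
                continue
            hit = {**event, "rule": rule.name, "technique": rule.technique}
            self.observations.append(hit)            # telemetry is always retained
            if rule.threshold is None:
                continue                             # observation rule: never raises an alert
            key = (event["device"], rule.name)
            self.counts[key] += 1
            if self.counts[key] == rule.threshold:   # alert exactly once, when the threshold is reached
                self.alerts.append({"device": event["device"], "rule": rule.name,
                                    "technique": rule.technique, "hits": self.counts[key]})


DISCOVERY_TOOLS = {"whoami.exe", "net.exe", "nltest.exe", "ipconfig.exe"}


def build_engine() -> Engine:
    """Three assumed rules: one immediate alert, one burst threshold, one observe-only."""
    rules = [
        Rule("lsass_access", "T1003.001",
             lambda e: e["type"] == "process_access" and e.get("target") == "lsass.exe", 1),
        Rule("discovery_burst", "T1087",
             lambda e: e["type"] == "process_start" and e.get("image") in DISCOVERY_TOOLS, 3),
        Rule("powershell_encoded", "T1059.001",
             lambda e: e["type"] == "process_start" and "-enc" in e.get("cmdline", "").lower(), None),
    ]
    # Assumed centrally managed exception: discovery tooling is expected on the admin jump host.
    return Engine(rules, exceptions=[{"rule": "discovery_burst", "device": "admin-jump01"}])


# Constructed sample telemetry (not real logs).
SAMPLE_EVENTS = [
    {"device": "ws-042", "type": "process_start", "image": "whoami.exe", "cmdline": "whoami /all"},
    {"device": "ws-042", "type": "process_start", "image": "net.exe", "cmdline": 'net group "domain admins" /domain'},
    {"device": "ws-042", "type": "process_start", "image": "powershell.exe", "cmdline": "powershell -enc SQBFAFgA"},
    {"device": "ws-042", "type": "process_start", "image": "nltest.exe", "cmdline": "nltest /dclist:"},
    {"device": "srv-dc01", "type": "process_access", "image": "procdump.exe", "target": "lsass.exe"},
    {"device": "ws-042", "type": "process_start", "image": "ipconfig.exe", "cmdline": "ipconfig /all"},
    {"device": "admin-jump01", "type": "process_start", "image": "nltest.exe", "cmdline": "nltest /dclist:"},
]


def run_sample() -> Engine:
    """Feed the constructed events through the engine and return it for inspection."""
    engine = build_engine()
    for event in SAMPLE_EVENTS:
        engine.process(event)
    return engine


if __name__ == "__main__":
    eng = run_sample()
    print(f"{len(eng.observations)} tagged observations, {len(eng.alerts)} alerts")
    for alert in eng.alerts:
        print(alert)
```

Running it yields six tagged observations but only two alerts: the three discovery commands on `ws-042` collapse into one `discovery_burst` alert (the fourth command is still observed but does not re-alert), the encoded PowerShell launch is kept as observation-only telemetry, the LSASS access alerts on its first hit, and the same discovery activity on `admin-jump01` is suppressed by the device-scoped exception without touching any rule or policy.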