Transitioning to the BDE from the legacy ruleset configuration

It is simple to transition devices to BDE policies from legacy rule sets. After you have created a BDE policy, in the device policy that is assigned to the devices, change the "Detection engine source" setting to "BDE policy" and specify the BDE policy to use. This setting removes the legacy detection rules from the device and loads the new detection rules provided by the BDE.
[Screenshot: setting the BDE policy from the device policy]
These are the suggested migration steps:
  1. Create a BDE policy, and then set the operating mode to "Alert only".
  2. Create a new test device policy, and then assign a set of devices from across the organization to it for testing purposes. It is important to include devices from users with different roles so that all applications that are used in your organization are tested.
  3. In the test device policy, on the "CylanceOPTICS" settings tab, specify the BDE policy in the "Detection settings" section.
  4. On the "Alerts" screen, monitor the alerts for detections triggered by the BDE. Using the "Actions" menu, create exceptions for any alerts with "High" severity and those that may impact devices and users. For example, you may need to add some exceptions for some legitimate business applications so that business continuity is not impacted.
  5. When the alerts for this group of test devices do not include any legitimate business applications and no further tuning is required, you can move the devices back to the production device policy.
  6. In the BDE policy, enable and configure the automated responses for detection techniques according to the requirements of your organization.
  7. In the production device policy, specify the BDE policy from the previous step that has the automated responses enabled, and then set the operating mode to "Full enforcement".
  8. If necessary, create other BDE policies and device policies, and then set and assign the device policies to devices within your tenant accordingly.
  9. If widespread business continuity issues arise and devices are impacted, you can set the BDE operating mode in the device policy of the affected devices to "Alert only". While in this mode, you can add exceptions and tune your environment to mitigate the impact.
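The readiness criterion in steps 4 and 5 (exceptions exist for every legitimate business application that alerted, and remaining High-severity alerts have been reviewed) can be checked mechanically against an alert export from the pilot group. The following is an added example and is not BlackBerry's code or the Cylance console API; the alert record layout (device, severity, process, technique), the sample alerts and the list of verified legitimate applications are constructed assumptions standing in for a real export.

```python
"""Readiness check for a BDE pilot group running in "Alert only" mode.

Added example: not BlackBerry's code and not the Cylance console API. The
alert record layout and the sample data below are constructed assumptions
standing in for an alert export from the console.
"""
from collections import defaultdict

# Constructed sample alerts from the pilot device group (assumed layout).
SAMPLE_ALERTS = [
    {"device": "FIN-LT-01", "severity": "High", "process": "erp-client.exe",
     "technique": "Script host launched by business application"},
    {"device": "FIN-LT-02", "severity": "High", "process": "erp-client.exe",
     "technique": "Script host launched by business application"},
    {"device": "HR-LT-07", "severity": "Medium", "process": "backup-agent.exe",
     "technique": "Volume shadow copy access"},
    {"device": "ENG-WS-03", "severity": "High", "process": "unknown-dropper.exe",
     "technique": "Unsigned binary writes to startup folder"},
    {"device": "ENG-WS-03", "severity": "Low", "process": "powershell.exe",
     "technique": "Encoded command line"},
]

# Applications the organization has verified as legitimate (assumption);
# alerts on these are exception candidates, not threats.
LEGITIMATE_APPS = {"erp-client.exe", "backup-agent.exe"}


def summarize(alerts):
    """Per-process rollup: total alerts, High-severity alerts, affected devices."""
    rollup = defaultdict(lambda: {"count": 0, "high": 0, "devices": set()})
    for alert in alerts:
        entry = rollup[alert["process"]]
        entry["count"] += 1
        if alert["severity"] == "High":
            entry["high"] += 1
        entry["devices"].add(alert["device"])
    return dict(rollup)


def exception_candidates(alerts, legitimate_apps):
    """Legitimate business applications that triggered at least one alert."""
    return sorted({a["process"] for a in alerts} & set(legitimate_apps))


def open_high_severity(alerts, exceptions):
    """High-severity alerts not covered by an exception; these need analyst review
    before the group is moved to full enforcement."""
    return [a for a in alerts
            if a["severity"] == "High" and a["process"] not in exceptions]


def ready_for_enforcement(alerts, legitimate_apps, exceptions):
    """Step-5 criterion: the group may return to the production policy once every
    alerted legitimate application has an exception.
    Returns (ready, applications still lacking an exception)."""
    missing = [p for p in exception_candidates(alerts, legitimate_apps)
               if p not in exceptions]
    return (len(missing) == 0, missing)


if __name__ == "__main__":
    exceptions = set()
    print("Exception candidates:", exception_candidates(SAMPLE_ALERTS, LEGITIMATE_APPS))
    ready, missing = ready_for_enforcement(SAMPLE_ALERTS, LEGITIMATE_APPS, exceptions)
    print("Ready for full enforcement:", ready, "- missing exceptions:", missing)
    # After the analyst has created the suggested exceptions in the console:
    exceptions = set(exception_candidates(SAMPLE_ALERTS, LEGITIMATE_APPS))
    ready, missing = ready_for_enforcement(SAMPLE_ALERTS, LEGITIMATE_APPS, exceptions)
    print("Ready for full enforcement:", ready)
    for alert in open_high_severity(SAMPLE_ALERTS, exceptions):
        print("Review before enforcing:", alert["device"], alert["process"], alert["technique"])
```

The per-process rollup is what an analyst reads on the "Alerts" screen: an application that alerts on many devices across different roles is the typical exception candidate, whereas a High-severity alert from an unknown binary on a single device is a true detection and is reported for review rather than silenced.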
For more information, review the best practices in the Behavioral Detection Engine Getting Started Guide.