Documents reputation service (#3855)

* Documents reputation service * Applies tech review feedback * tweaks wording
elastic · Sep 11, 2023 · e2517b0 · e2517b0
1 parent d899f4c
commit e2517b0
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 0 deletions.
diff --git a/docs/getting-started/configure-integration-policy.asciidoc b/docs/getting-started/configure-integration-policy.asciidoc
@@ -164,6 +164,10 @@ Malicious behavior protection levels are:
 * **Prevent** (Default): Detects malicious behavior on the host, forces the process to stop,
 and generates an alert.
 
+Select whether you want to use **Reputation service** for additional malware analysis. This service identifies malicious activity and false positives, and enriches alerts using data from various sources, such as VirusTotal and telemetry. For example, reputation service can detect suspicious downloads of binaries with low or malicious reputation.
+
+NOTE: Reputation service requires an active https://www.elastic.co/pricing[Platinum or Enterprise subscription] and is available on cloud deployments only.
+
 Select **Notify user** to send a push notification in the host operating system when activity is detected or prevented. Notifications are enabled by default for the *Prevent* option.
 
 TIP: Platinum and Enterprise customers can customize these notifications using the `Elastic Security {action} {rule}` syntax.

diff --git a/docs/getting-started/images/install-endpoint/behavior-protection.png b/docs/getting-started/images/install-endpoint/behavior-protection.png