Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
ImranHabib 2019-10-01 13:54:56 +05:00 committed by GitHub
parent 8924116703
commit 06a38e3bc5
GPG Key ID: 4AEE18F83AFDEB23


@ -41,6 +41,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an
| where EventTime > ago(7d) | where EventTime > ago(7d)
| where ActionType == "AntivirusDetection" | where ActionType == "AntivirusDetection"
| summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId | summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId
| where count_ > 5
This will fetch the EventTime and ReportId of the latest event from multiple events returned by the query and adds the count by MachineId. This will fetch the EventTime and ReportId of the latest event from multiple events returned by the query and adds the count by MachineId.
### 2. Create new rule and provide alert details. ### 2. Create new rule and provide alert details.
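Review bot: the explanatory sentence directly under the query ("This will fetch the EventTime and ReportId of the latest event ... and adds the count by MachineId") is left unchanged and does not mention the newly added `| where count_ > 5`, so readers are not told that the rule now only returns machines with more than five `AntivirusDetection` events in the 7-day window. Suggest extending that sentence, e.g. "... and adds the count by MachineId, then keeps only machines with more than 5 such detections, which is what the rule will alert on." It is also worth a short note that `count_` is the default column name the `summarize ... count()` line produces, so anyone who renames that column (`count() as Detections`) must change the filter to match.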