Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
This commit is contained in:
ImranHabib 2019-10-01 13:54:56 +05:00 committed by GitHub
parent 8924116703
commit 06a38e3bc5
GPG Key ID: 4AEE18F83AFDEB23


@ -41,6 +41,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an
| where EventTime > ago(7d)
| where ActionType == "AntivirusDetection"
| summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId
| where count_ > 5
This will fetch the EventTime and ReportId of the latest event from multiple events returned by the query and adds the count by MachineId.
### 2. Create new rule and provide alert details.
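Review bot: the added explanatory sentence has a subject-verb mismatch ("This will fetch ... and adds") and leaves out what the final `| where count_ > 5` line does, so a reader of the doc will not learn why the query only returns some machines. Suggest rewording along the lines of "This fetches the EventTime and ReportId of the latest event per MachineId, counts the events for each machine, and keeps only machines with more than 5 antivirus detections in the last 7 days." It may also help to note that `count()` inside `summarize` produces a column named `count_`, which is why the last line filters on `count_` rather than `count`.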