deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-16 23:37:22 +00:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

More tweakaroos

Browse Source
This commit is contained in:
Louie Mayor 2020-08-12 17:36:38 -07:00
parent 6aa3b64561
commit 159663aef0
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
View File

@ -1,5 +1,5 @@
--- ---
title: Create detection rules in Microsoft Defender ATP title: Create custom detection rules in Microsoft Defender ATP
ms.reviewer: ms.reviewer:
description: Learn how to create custom detection rules based on advanced hunting queries description: Learn how to create custom detection rules based on advanced hunting queries
keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp keywords: custom detections, create, manage, alerts, edit, run on demand, frequency, interval, detection rules, advanced hunting, hunt, query, response actions, mdatp, microsoft defender atp

4
windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
View File

@ -22,7 +22,7 @@ ms.topic: conceptual
**Applies to:** **Applies to:**
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts as well as response actions. With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured devices. You can do this with customizable detection rules that automatically trigger alerts and response actions.
Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. Custom detections work with [advanced hunting](advanced-hunting-overview.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
@ -30,7 +30,7 @@ Custom detections provide:
- Alerts for rule-based detections built from advanced hunting queries - Alerts for rule-based detections built from advanced hunting queries
- Automatic response actions that apply to files and devices - Automatic response actions that apply to files and devices
## Related topic ## Related topics
- [Create detection rules](custom-detection-rules.md) - [Create detection rules](custom-detection-rules.md)
- [View and manage detection rules](custom-detections-manage.md) - [View and manage detection rules](custom-detections-manage.md)
- [Advanced hunting overview](advanced-hunting-overview.md) - [Advanced hunting overview](advanced-hunting-overview.md)