deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-13 05:47:23 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Browse Source 
Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
This commit is contained in:
ImranHabib 2019-09-29 19:06:54 +05:00 committed by GitHub
parent 83dd94f493
commit 1988d93b9f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
View File

@ -33,7 +33,7 @@ Custom detection rules built from [Advanced hunting](overview-hunting.md) querie
In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results. In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results.
>[!NOTE] > [!NOTE]
>To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that dont use the `project` operator to customize results usually return these common columns. >To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that dont use the `project` operator to customize results usually return these common columns.
>[Example] >[Example]