From 23ed4b5b7d264c0882769b57adab9f01599ae87c Mon Sep 17 00:00:00 2001
From: lomayor <louie.mayor@microsoft.com>
Date: Thu, 13 Jun 2019 14:06:31 -0700
Subject: [PATCH] Update custom-detection-rules.md

---
 .../microsoft-defender-atp/custom-detection-rules.md          | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 8f0d992e58..7f7511101c 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -23,6 +23,10 @@ ms.topic: article
 **Applies to:**
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 
+Create custom detection rules from [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-hunting) queries to automatically check for threat indicators and generate alerts whenever these indicators are found.
+
+>[!NOTE]
+>To create and manage custom detections, [your role](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security secttings** permission.
 
 1.	In the navigation pane, select **Advanced hunting**.