deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-14 06:17:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Update overview-custom-detections.md

Browse Source
This commit is contained in:
lomayor 2019-06-13 14:21:45 -07:00 committed by GitHub
parent e729ba4e36
commit 30536a036b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md
View File

@ -26,13 +26,13 @@ ms.topic: conceptual
Alerts in Microsoft Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious events or emerging threats. Alerts in Microsoft Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious events or emerging threats.
This can be done by leveraging the power of [Advanced hunting](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/overview-hunting) through the creation of custom detection rules. This can be done by leveraging the power of [Advanced hunting](overview-hunting.md) through the creation of custom detection rules.
Custom detections are queries that run periodically every 24 hours and can be configured so that when the query meets the criteria you set, alerts are created and are surfaced in Microsoft Defender Security Center. These alerts will be treated like any other alert in the system. Custom detections are queries that run periodically every 24 hours and can be configured so that when the query meets the criteria you set, alerts are created and are surfaced in Microsoft Defender Security Center. These alerts will be treated like any other alert in the system.
This capability is particularly useful for scenarios when you want to pro-actively prevent threats and be notified quickly of emerging threats. This capability is particularly useful for scenarios when you want to pro-actively prevent threats and be notified quickly of emerging threats.
>[!NOTE] >[!NOTE]
>To create and manage custom detections, [your role](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. >To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
## Related topic ## Related topic
- [Create custom detection rules](custom-detection-rules.md) - [Create custom detection rules](custom-detection-rules.md)