From 7ec8de8e8f4365b9bdd1cc4e1c2e53cd4431387d Mon Sep 17 00:00:00 2001 From: lomayor Date: Thu, 13 Jun 2019 14:14:39 -0700 Subject: [PATCH] Update overview-custom-detections.md --- .../microsoft-defender-atp/overview-custom-detections.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md index eb814bb184..5ec6f83d8a 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md +++ b/windows/security/threat-protection/microsoft-defender-atp/overview-custom-detections.md @@ -24,13 +24,16 @@ ms.topic: conceptual - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) -Alerts in Microsoft Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious or emerging threats. +Alerts in Microsoft Defender ATP are surfaced through the system based on signals gathered from endpoints. With custom detections, you can create custom queries to monitor events for any kind of behavior such as suspicious events or emerging threats. This can be done by leveraging the power of Advanced hunting through the creation of custom detection rules. Custom detections are queries that run periodically every 24 hours and can be configured so that when the query meets the criteria you set, alerts are created and are surfaced in Microsoft Defender Security Center. These alerts will be treated like any other alert in the system. This capability is particularly useful for scenarios when you want to pro-actively prevent threats and be notified quickly of emerging threats. +>[!NOTE] +>To create and manage custom detections, [your role](https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/user-roles#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission. + ## Related topic - [Create custom detection rules](custom-detection-rules.md)