diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index fb9e202863..19f8bc230f 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -37,7 +37,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an
 > To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns.
 
 > [Example]
->MiscEvents
+> MiscEvents
 | where EventTime > ago(7d)
 | where ActionType == "AntivirusDetection"
 | summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId