From 99fa2ef07fa7a4642ebaa157af5f6569d20f35d9 Mon Sep 17 00:00:00 2001
From: ImranHabib <47118050+joinimran@users.noreply.github.com>
Date: Sun, 29 Sep 2019 19:07:10 +0500
Subject: [PATCH] Update
 windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com>
---
 .../microsoft-defender-atp/custom-detection-rules.md            | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
index 627c14ca58..fb9e202863 100644
--- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md
@@ -34,7 +34,7 @@ Custom detection rules built from [Advanced hunting](overview-hunting.md) querie
 In Microsoft Defender Security Center, go to **Advanced hunting** and select an existing query or create a new query. When using an new query, run the query to identify errors and understand possible results.
 
 > [!NOTE]
->To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns.
+> To use a query for a custom detection rule, the query must return the `EventTime`, `MachineId`, and `ReportId` columns in the results. Queries that don’t use the `project` operator to customize results usually return these common columns.
 
 > [Example]
 >MiscEvents