From e7e9f64418fbc2a3c7805a5af5ee4e6a6c1eb2b9 Mon Sep 17 00:00:00 2001 From: Louie Mayor Date: Wed, 12 Aug 2020 17:59:51 -0700 Subject: [PATCH] Update custom-detection-rules.md --- .../microsoft-defender-atp/custom-detection-rules.md | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md index a6ef0b57b7..20cba1c034 100644 --- a/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md +++ b/windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md @@ -23,13 +23,16 @@ ms.topic: article **Applies to:** - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) ->[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) +> [Learn about this feature in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) Custom detection rules built from [advanced hunting](advanced-hunting-overview.md) queries let you proactively monitor various events and system states, including suspected breach activity and misconfigured devices. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches. Read this article to learn how to create new custom detection rules. Or [see viewing and managing existing rules](custom-detections-manage.md). +>[!NOTE] This article applies to Microsoft Defender ATP. [Read about this capability in Microsoft Threat Protection](https://docs.microsoft.com/microsoft-365/security/mtp/custom-detections-overview) + + ## 1. Check required permissions To create or manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.