Update windows/security/threat-protection/microsoft-defender-atp/custom-detection-rules.md

Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com>
This commit is contained in:
ImranHabib
2019-09-28 09:34:03 +05:00
committed by GitHub
parent c9871554bb
commit f498ca39b7

@ -41,7 +41,7 @@ In Microsoft Defender Security Center, go to **Advanced hunting** and select an
| where EventTime > ago(7d)
| where ActionType == "AntivirusDetection"
| summarize (EventTime, ReportId)=arg_max(EventTime, ReportId), count() by MachineId
This will fetch latest EventTime and ReportId of the latest event among multiple events returned by the query and adds the count by MachineId.
This will fetch the EventTime and ReportId of the latest event from multiple events returned by the query and adds the count by MachineId.
### 2. Create new rule and provide alert details.
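Review bot: the replacement sentence on the `+` line still has a verb agreement problem: "This will fetch ... and adds the count" should be "and add the count by MachineId", since both verbs depend on "will". It would also be clearer to say what the query shown above returns: `arg_max(EventTime, ReportId)` yields the EventTime of the most recent event for each MachineId together with the ReportId from that same row, and `count()` adds the number of matching events; suggested wording: "For each MachineId, this returns the EventTime and ReportId of the most recent AntivirusDetection event, plus the number of matching events."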