mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-12 05:17:22 +00:00
1.9 KiB
1.9 KiB
title, ms.reviewer, description, keywords, search.product, search.appverid, ms.prod, ms.mktglfcycl, ms.sitesec, ms.pagetype, ms.author, author, ms.localizationpriority, manager, audience, ms.collection, ms.topic
| title | ms.reviewer | description | keywords | search.product | search.appverid | ms.prod | ms.mktglfcycl | ms.sitesec | ms.pagetype | ms.author | author | ms.localizationpriority | manager | audience | ms.collection | ms.topic |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Overview of custom detections in Microsoft Defender ATP | Understand how you can use Advanced hunting to create custom detections and generate alerts | custom detections, alerts, detection rules, advanced hunting, hunt, query, response actions, interval, mdatp, microsoft defender atp | eADQiWindows 10XVcnh | met150 | w10 | deploy | library | security | lomayor | lomayor | medium | dansimp | ITPro | M365-security-compliance | conceptual |
Custom detections overview
Applies to:
With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured machines. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions.
Custom detections work with Advanced hunting, which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
Custom detections provide:
- Alerts for rule-based detections built from Advanced hunting queries
- Automatic response actions that apply to files and machines
Note
To create and manage custom detections, your role needs to have the manage security settings permission.