mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-06-11 03:57:22 +00:00
b8678af8fe
* Update networkproxy-csp.md * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: JohanFreelancer9 <48568725+JohanFreelancer9@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * mdatp_custom_detections_refresh * custom-detections-toc * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Update networkproxy-csp.md Remove the xml word at the final of each code portion * Update windows/client-management/mdm/networkproxy-csp.md Co-Authored-By: Trond B. Krokli <38162891+illfated@users.noreply.github.com> * Merge branch 'master' into lomayor-mdatp-ah-sync * Merge branch 'master' into lomayor-mdatp-ah-sync * Update custom-detection-rules.md * custom-detections-manage * Last check * custom-detections * custom_detections * Added note * AH_no_freq * Update networkproxy-csp.md * Added a reference link * Update surface-dock-firmware-update.md * CAT Auto Pulish for Windows Release Messages - CAT_AutoPublish_20190924085026 (#1178)
38 lines
1.8 KiB
Markdown
38 lines
1.8 KiB
Markdown
---
|
|
title: Overview of custom detections in Microsoft Defender ATP
|
|
ms.reviewer:
|
|
description: Understand how you can use Advanced hunting to create custom detections and generate alerts
|
|
keywords: custom detections, alerts, detection rules, advanced hunting, hunt, query, response actions, interval, mdatp, microsoft defender atp
|
|
search.product: eADQiWindows 10XVcnh
|
|
search.appverid: met150
|
|
ms.prod: w10
|
|
ms.mktglfcycl: deploy
|
|
ms.sitesec: library
|
|
ms.pagetype: security
|
|
ms.author: lomayor
|
|
author: lomayor
|
|
ms.localizationpriority: medium
|
|
manager: dansimp
|
|
audience: ITPro
|
|
ms.collection: M365-security-compliance
|
|
ms.topic: conceptual
|
|
---
|
|
|
|
|
|
# Custom detections overview
|
|
**Applies to:**
|
|
- [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
|
|
|
|
With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured machines. This is made possible by customizable detection rules that automatically trigger alerts as well as response actions.
|
|
|
|
Custom detections work with [Advanced hunting](overview-hunting.md), which provides a powerful, flexible query language that covers a broad set of event and system information from your network. The queries run every 24 hours, generating alerts and taking response actions whenever there are matches.
|
|
|
|
Custom detections provide:
|
|
- Alerts from rule-based detections built from Advanced hunting queries
|
|
- Automatic response actions that apply to files and machines
|
|
|
|
>[!NOTE]
|
|
>To create and manage custom detections, [your role](user-roles.md#create-roles-and-assign-the-role-to-an-azure-active-directory-group) needs to have the **manage security settings** permission.
|
|
|
|
## Related topic
|
|
- [Create and manage custom detection rules](custom-detection-rules.md) |