Skip to content

Commit 0f5fcc2

Browse files
yelevinyelevin
committed
Added space after punctuation
1 parent 71fcd48 commit 0f5fcc2

File tree

1 file changed

+2
-2
lines changed

1 file changed

+2
-2
lines changed

articles/sentinel/tutorial-detect-threats-custom.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -36,15 +36,15 @@ You can create custom analytic rules to help you search for the types of threats
3636

3737
![Create scheduled query](media/tutorial-detect-threats-custom/create-scheduled-query.png)
3838

39-
1. In the **General** tab, provide a unique **Name**, and a **Description**. In the **Tactics** field, you can choose from among categories of attacks by which to classify the rule. Set the alert **Severity** as necessary.When you create the rule, its **Status** is **Enabled** by default, which means it will run immediately after you finish creating it. If you don’t want it to run immediately, select **Disabled**, and the rule will be added to your **Active rules** tab and you can enable it from there when you need it.
39+
1. In the **General** tab, provide a unique **Name**, and a **Description**. In the **Tactics** field, you can choose from among categories of attacks by which to classify the rule. Set the alert **Severity** as necessary. When you create the rule, its **Status** is **Enabled** by default, which means it will run immediately after you finish creating it. If you don’t want it to run immediately, select **Disabled**, and the rule will be added to your **Active rules** tab and you can enable it from there when you need it.
4040

4141
![Start creating a custom analytic rule](media/tutorial-detect-threats-custom/general-tab.png)
4242

4343
1. In the **Set rule logic** tab, you can either write a query directly in the **Rule query** field, or create the query in Log Analytics, and then copy and paste it there.
4444

4545
![Create query in Azure Sentinel](media/tutorial-detect-threats-custom/settings-tab.png)
4646

47-
- See the **Results preview** area to the right, where Azure Sentinel shows the number of results (log events) the query will generate,changing on-the-fly as you write and configure your query. The graph shows the number of results over the defined time period, which is determined by the settings in the **Query scheduling** section.
47+
- See the **Results preview** area to the right, where Azure Sentinel shows the number of results (log events) the query will generate, changing on-the-fly as you write and configure your query. The graph shows the number of results over the defined time period, which is determined by the settings in the **Query scheduling** section.
4848
- If you see that your query would trigger too many or too frequent alerts, you can set a baseline in the **Alert threshold** section.
4949

5050
Here's a sample query that would alert you when an anomalous number of resources is created in Azure Activity.

0 commit comments

Comments
 (0)