Commit 5575e66

committed
edits
1 parent 357685a commit 5575e66

2 files changed

+10
-2
lines changed

defender-xdr/custom-detection-rules.md

Lines changed: 2 additions & 2 deletions
@@ -74,7 +74,7 @@ In the Microsoft Defender portal, go to **Advanced hunting** and select an exist
7474
#### Required columns in the query results
7575

7676

77-
To create a custom detection rule, the query must return the following columns:
77+
To create a custom detection rule using Defender XDR data, the query must return the following columns:
7878
1. `Timestamp` - This column is used to set the timestamp for generated alerts. The `Timestamp` that is returned from the query shouldn't have been manipulated in the query and should be returned exactly as it appears in the raw event.
7979

8080
3. A column or combination of columns that uniquely identify the event in Defender XDR tables:
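
Review bot: The reworded sentence at line 77 scopes the required columns to rules "using Defender XDR data" but gives no guidance for rules built on other data, even though the whats-new.md entry in this same commit describes rules "based only on data that is ingested to Sentinel". Suggest adding a sentence or a link right after it that states which columns are required in that case, or that says the list below doesn't apply. Item 3 in the context already says "in Defender XDR tables", so the list reads as XDR-specific and the reader of a Sentinel-only rule has nowhere to go from here.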
@@ -295,7 +295,7 @@ The following screenshot shows how the custom details are surfaced in the alert
295295
296296
### 4. Specify actions
297297

298-
Your custom detection rule can automatically take actions on devices, files, users, or emails that are returned by the query.
298+
If your custom detection rule uses Defender XDR data, it can automatically take actions on devices, files, users, or emails that are returned by the query.
299299

300300
:::image type="content" source="/defender/media/ah-custom-actions.png" alt-text="Screenshot that shows actions for custom detections in the Microsoft Defender portal." lightbox="/defender/media/ah-custom-actions.png":::
301301
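
Review bot: The new conditional at line 298 ("If your custom detection rule uses Defender XDR data, it can automatically take actions ...") leaves the other case implied rather than stated. Suggest saying explicitly what applies to a rule that doesn't use Defender XDR data, for example whether this step is unavailable or can be skipped, so the reader doesn't have to infer it from the "If". The same "uses Defender XDR data" wording should match the phrasing chosen at line 77 ("using Defender XDR data") so both sections describe the condition the same way.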

defender-xdr/whats-new.md

Lines changed: 8 additions & 0 deletions
@@ -32,6 +32,14 @@ For more information on what's new with other Microsoft Defender security produc
3232

3333
You can also get product updates and important notifications through the [message center](https://admin.microsoft.com/Adminportal/Home#/MessageCenter).
3434

35+
## August 2025
36+
- (Preview) In advanced hunting, you can now enrich your [custom detection rules](custom-detection-rules.md) by creating dynamic alert titles and descriptions, select more impacted entities, and add custom details to display in the alert side panel. Microsoft Sentinel customers that are onboarded to Microsoft Defender also now have the option to customize the alert frequency when the rule is based only on data that is ingested to Sentinel.
37+
- (GA) In advanced hunting, you can now [view all your user-defined rules](custom-detection-manage.md)—both custom detection rules and analytics rules—in the **Detection rules** page. This feature also brings the following improvements:
38+
- You can now filter for *every* column (in addition to **Frequency** and **Organizational scope**).
39+
- For multiworkspace organizations that have onboarded multiple workspaces to Microsoft Defender, you can now view the **Workspace ID** column and filter by workspace.
40+
- You can now view the details pane even for analytics rules.
41+
- You can now perform the following actions on analytics rules: Turn on/off, Delete, Edit.
42+
3543
## July 2025
3644
- (Preview) The [GraphApiAuditEvents](advanced-hunting-graphapiauditevents-table.md) table in advanced hunting is now available for preview. This table contains information about Microsoft Entra ID API requests made to Microsoft Graph API for resources in the tenant.
3745
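
Review bot: The list in the first August 2025 bullet (line 36) isn't parallel: "by creating dynamic alert titles and descriptions, select more impacted entities, and add custom details" mixes a gerund with two bare verbs. Suggest "by creating ..., selecting more impacted entities, and adding custom details ...". In the same bullet, the sentence about customizing the alert frequency for rules based only on Sentinel-ingested data has no link, while the other new features point to custom-detection-rules.md; a link to the section that documents the frequency option would help. Minor: in the last sub-bullet (line 41), consider bolding the action names "Turn on/off, Delete, Edit" to match the bold UI labels used in the sub-bullets above it.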
