Commit 5c96801

1 parent 1a9618b commit 5c96801

2 files changed

+10
-5
lines changed

defender-xdr/custom-detection-rules.md

Lines changed: 4 additions & 2 deletions
@@ -18,6 +18,9 @@ ms.collection:
1818
ms.custom:
1919
- cx-ti
2020
- cx-ah
21+
appliesto:
22+
- Microsoft Defender XDR
23+
- Microsoft Sentinel in the Microsoft Defender portal
2124
ms.topic: how-to
2225
ms.date: 02/10/2025
2326
---
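Review bot: `ms.date: 02/10/2025` in the unchanged context just below the new `appliesto:` block is left as is, although this commit changes the products the article is declared to apply to. If `ms.date` records the last content update, bump it in the same commit. The new key also sits before `ms.topic` here but after it in custom-detections-overview.md; using one position in both files keeps the front matter easier to compare.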
@@ -26,8 +29,7 @@ ms.date: 02/10/2025
2629

2730
[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
2831

29-
**Applies to:**
30-
- Microsoft Defender XDR
32+
3133

3234
Custom detection rules are rules you can design and tweak using [advanced hunting](advanced-hunting-overview.md) queries. These rules let you proactively monitor various events and system states, including suspected breach activity and misconfigured endpoints. You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
3335

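Review bot: The added line at new line 32 is empty, so new lines 31 to 33 become three consecutive blank lines between the rebranding include and the intro paragraph. Removing the `**Applies to:**` block is sufficient on its own; drop the added blank line so a single blank line separates the include from the text.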
defender-xdr/custom-detections-overview.md

Lines changed: 6 additions & 3 deletions
@@ -18,6 +18,9 @@ ms.custom:
1818
- cx-ti
1919
- cx-ah
2020
ms.topic: overview
21+
appliesto:
22+
- Microsoft Defender XDR
23+
- Microsoft Sentinel in the Microsoft Defender portal
2124
ms.date: 06/27/2024
2225
---
2326

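Review bot: `appliesto:` is inserted between `ms.topic: overview` and `ms.date` in this file, whereas custom-detection-rules.md in the same commit places it before `ms.topic`. Pick one key order and apply it to both files. `ms.date: 06/27/2024` also stays unchanged even though the commit adds a paragraph to the body; update it if the field tracks the last revision.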
@@ -26,8 +29,6 @@ ms.date: 06/27/2024
2629
[!INCLUDE [Microsoft Defender XDR rebranding](../includes/microsoft-defender.md)]
2730

2831

29-
**Applies to:**
30-
- Microsoft Defender XDR
3132

3233
With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured endpoints. This is made possible by customizable detection rules that automatically trigger alerts and response actions.
3334

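Review bot: With the two `**Applies to:**` lines removed and nothing else adjusted, new lines 30 to 32 are three consecutive blank lines after the include. Collapse them to one while this block is being edited.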
@@ -38,10 +39,12 @@ Custom detections provide:
3839
- Alerts for rule-based detections built from advanced hunting queries
3940
- Automatic response actions
4041

42+
Optimizing your queries in custom detection rules is very important to avoid timeouts and ensure efficiency. There are several resources available that provide guidance on optimizing your KQL queries in [Advanced hunting query best practices](advanced-hunting-best-practices.md).
43+
4144
## See also
4245

4346
- [Create and manage custom detection rules](custom-detection-rules.md)
44-
- [Advanced hunting overview](advanced-hunting-overview.md)
47+
- [Advanced hunting query best practices](advanced-hunting-best-practices.md)
4548
- [Migrate advanced hunting queries from Microsoft Defender for Endpoint](advanced-hunting-migrate-from-mde.md)
4649
- [Microsoft Graph security API for custom detections](/graph/api/resources/security-api-overview?view=graph-rest-beta&preserve-view=true#custom-detections)
4750

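Review bot: The See also entry `[Advanced hunting overview](advanced-hunting-overview.md)` is replaced rather than kept, and its replacement repeats the link already introduced by the new paragraph at line 42. Keep the overview entry and add the best-practices entry beside it, or leave the best-practices link only in the paragraph. The second sentence of that paragraph is also awkward: "There are several resources available ... in" points at a single article, so a direct "For guidance, see [Advanced hunting query best practices](advanced-hunting-best-practices.md)." would read more clearly.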