Merge pull request #3806 from MicrosoftDocs/main

padmagit77 · web-flow · commit 8e355ce57e87 · 2025-05-16T17:01:55.000+05:30
[AutoPublish] main to live - 05/16 04:29 PDT | 05/16 16:59 IST
diff --git a/defender-xdr/custom-detection-rules.md b/defender-xdr/custom-detection-rules.md
@@ -170,7 +170,7 @@ Once you click **Save**, the selected rules' frequency gets updated to Continuou
 You can run a query continuously as long as:
 
 - The query references one table only.
-- The query uses an operator from the list of supported KQL operators. **[Supported KQL features](/azure/azure-monitor/essentials/data-collection-transformations-structure#supported-kql-features)**
+- The query uses an operator from the list of **[Supported KQL features](/azure/azure-monitor/essentials/data-collection-transformations-structure#supported-kql-features)**. (For    `matches regex`, regular expressions must be encoded as string literals and follow the string quoting rules. For example, the regular expression `\A` is represented in KQL as `"\\A"`. The extra backslash indicates that the other backslash is part of the regular expression `\A`.)
 - The query doesn't use joins, unions, or the `externaldata` operator.
 - The query doesn't include any comments line/information.
 
