You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: defender-xdr/custom-detection-rules.md
+3-3Lines changed: 3 additions & 3 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -58,7 +58,7 @@ To manage required permissions, a Global Administrator can:
58
58
- Check RBAC settings for Microsoft Defender for Endpoint in [Microsoft Defender XDR](https://security.microsoft.com/) under **Settings**\>**Permissions** > **Roles**. Select the corresponding role to assign the **manage security settings** permission.
59
59
60
60
> [!NOTE]
61
-
> A user also needs to have the appropriate permissions for the devices in the [device scope](#5-set-the-rule-scope) of a custom detection rule that they are creating or editing before they can proceed. A user can't edit a custom detection rule that is scoped to run on all devices, if the same user does not permissions for all devices.
61
+
> A user also needs to have the appropriate permissions for the devices in the [device scope](#5-set-the-rule-scope) of a custom detection rule that they are creating or editing before they can proceed. A user can't edit a custom detection rule that is scoped to run on all devices, if the same user does not have permissions for all devices.
62
62
63
63
## Create a custom detection rule
64
64
@@ -155,7 +155,7 @@ Selecting **Migrate now** gives you a list of all compatible rules according to
155
155
:::image type="content" source="media/custom-detection-compatible-queries.png" alt-text="Screenshot of the continuous frequency compatible queries in advanced hunting." lightbox="media/custom-detection-compatible-queries.png":::
156
156
157
157
158
-
Once you click **Save**, the selected rules' frequency gets updated to Continuous(NRT) frequency.
158
+
Once you click **Save**, the selected rules' frequency gets updated to Continuous(NRT) frequency.
159
159
160
160
161
161
###### Queries you can run continuously
@@ -263,7 +263,7 @@ Only data from devices in the scope will be queried. Also, actions are taken onl
263
263
After reviewing the rule, select **Create** to save it. The custom detection rule immediately runs. It runs again based on configured frequency to check for matches, generate alerts, and take response actions.
264
264
265
265
> [!IMPORTANT]
266
-
> Custom detections should be regularly reviewed for efficiency and effectiveness. To make sure you are creating detections that trigger true alerts, take time to review your existing custom detections by following the steps in [Manage existing custom detect ion rules](#manage-existing-custom-detection-rules).
266
+
> Custom detections should be regularly reviewed for efficiency and effectiveness. To make sure you are creating detections that trigger true alerts, take time to review your existing custom detections by following the steps in [Manage existing custom detection rules](#manage-existing-custom-detection-rules).
267
267
>
268
268
> You maintain control over the broadness or specificity of your custom detections so any false alerts generated by custom detections might indicate a need to modify certain parameters of the rules.
0 commit comments