SC-200 - Manage a Security Operations Environment - Section 1.7
Create and manage custom detection rules in Microsoft Defender XDR using Advanced Hunting.
Build custom detection rules in Microsoft Defender XDR by promoting Advanced Hunting queries, setting detection frequency, and mapping impacted entities such as devices, users, and mailboxes. Manage the rule lifecycle by editing, disabling, and reviewing rule status to ensure detections remain accurate and do not generate excessive noise.
Topics: custom detection rules from Advanced Hunting queries; detection frequency and response actions; managing custom detection rules; impacted entities
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.