

Microsoft 365 Defender users are getting a public preview of the ability to set custom detection rules for near real-time security events, according to a Monday announcement.

Microsoft described some of the scenarios where custom detection rules in near real time could be used. Organizations may want to check for threat activity after a "recently disclosed vulnerability" becomes known. They also may want to check for, and remove, unwanted e-mails, or block "messages that spoof the recipient from a particular IP subnet." The custom detection rules in near real time preview for Microsoft 365 Defender users will work "across email, endpoint, and identity, leading to faster response times and faster mitigation of threats," Microsoft promised.

IT pros configure a custom rule using a wizard.

If the custom rule matches an event, then an alert gets automatically sent.
