Forum Discussion

sirkillnotalot
Copper Contributor
Oct 29, 2020

Powershell/API to create detections

Hi all,

Does any one know of a way (or if it's even possible) to create custom detection rules, and set the scheduling, using PowerShell or the API?

Been looking through docs and can find ways to create indicators but not detection rules.

Thanks!

  • Hi sirkillnotalot, did you find a way to create custom detection rules through PowerShell?

    I want to do the same thing but I could not find an API from Defender for Endpoint.

    • sirkillnotalot
      Copper Contributor

      simonepatonico I'm afraid not.

      I had a call with a product manager at Microsoft and was told this functionality is not yet possible. It was being raised as a feature request but I couldn't find it when I searched last.

      Since posting this, there's been a preview release of the Microsoft Endpoint connector for Azure Sentinel, which has the data fields we were using for hunts/detections in Defender, so we've shifted our full focus to Sentinel instead.