Forum Discussion
Powershell/API to create detections
Hi all,
Does any one know of a way (or if it's even possible) to create custom detection rules, and set the scheduling, using PowerShell or the API?
Been looking through docs and can find ways to create indicators but not detection rules.
Thanks!
- simonepatonicoBrass Contributor
Hi sirkillnotalot, did you find a way to do create custom detection rules through PowerShell??
I want to do the same thing but I could not find an API from Defender for Endpoint.
- sirkillnotalotCopper Contributor
simonepatonico I'm afraid not.
I had a call with a product manager at Microsoft and was told this functionality is not yet possible. It was being raised as a feature request but I couldn't find it when I searched last.
Since posting this there's been a preview release of the Microsoft Endpoint connector for Azure Sentinel which has the data fields we were using for hunts/detections in Defender so we've shifted our full focus to Sentinel instead.