Advanced Hunting Custom detection rule notification cannot be customized
Hello,
We have a case with both Microsoft and US cloud about the custom detection rule created by a query. The problem that we have is that I want to send the rule's notification to an email group. However, after about 2 months of investigations, I was advised as follows:
"We can go one of two routes. Either the alerts from Defender can be ingested into sentinel based on the custom detection rule you created, or the Entra Sign-in logs can be ingested allowing Sentinel to check the logs itself."
Could you please help us find an easier solution for the notification or create a feature request so that we could have the configuration of notification for custom detection rules when creating the alert?
1 Reply
- DylanInfosec (Iron Contributor)
Hey,
this guide is all you need to get email notifications working.
Get incident notifications by email - Microsoft Defender XDR
You can even select “Custom Detections” to only receive notifications for them, though I’d assume you want more than just that. On the recipients page enter the mailbox address and you’re good.
Best regards,
Dylan