Powershell/API to create detections

Hi all,

Does anyone know of a way (or whether it's even possible) to create custom detection rules, and set their scheduling, using PowerShell or the API?

I've been looking through the docs and can find ways to create indicators, but not detection rules.

Thanks!

Hi @sirkillnotalot, did you find a way to create custom detection rules through PowerShell?

I want to do the same thing but I could not find an API from Defender for Endpoint.

@simonepatonico I'm afraid not.

I had a call with a product manager at Microsoft and was told this functionality is not yet possible. It was being raised as a feature request but I couldn't find it when I searched last.

Since posting this, there's been a preview release of the Microsoft Endpoint connector for Azure Sentinel, which has the data fields we were using for hunts/detections in Defender, so we've shifted our full focus to Sentinel instead.