Custom Detections via API

Brass Contributor

Is there a way to add, update and delete "Custom Detections" in Defender for Endpoint via the api? I don't mean indicators like file hashes, I mean the actual KQL Custom Detections with priorities.

 

There's a notebook for this in Azure Sentinel but I haven't seen anything for Endpoint. 

 

Much appreciated!!

0 Replies