Custom Detections via API

Is there a way to add, update and delete "Custom Detections" in Defender for Endpoint via the API? I don't mean indicators like file hashes, I mean the actual KQL Custom Detections with priorities.

There's a notebook for this in Azure Sentinel but I haven't seen anything for Endpoint.

Much appreciated!!

0 Replies