detection-authoring
Community skill: Deploy custom detections to Defender XDR.
Author: msandbu
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
This Skill automates the creation and management of custom detection rules in Microsoft Defender XDR, so tailored threat detections can be deployed and maintained without configuring each rule by hand in the portal.
Core Features & Use Cases
- Rule Deployment: Create new custom detection rules directly in Defender XDR using PowerShell and the Graph API.
- Batch Processing: Deploy multiple rules efficiently from a JSON manifest file.
- Lifecycle Management: Supports listing, enabling, disabling, and deleting existing rules.
- Query Adaptation: Provides guidance and tools to convert Sentinel KQL queries into the required format for custom detections.
- Use Case: A security analyst needs to deploy 10 new detection rules based on recent threat intelligence. Instead of manually configuring each rule in the portal, they use this Skill to deploy all 10 rules from a manifest file in minutes.
Quick Start
Use the detection-authoring skill to deploy custom detection rules from the file '.\temp\new_detections.json'.
Dependency Matrix
Required Modules: Microsoft.Graph.Authentication
Components: scripts, references
Claude Code Installation
Recommended: let Claude install automatically. Copy and paste the text below into Claude Code.
Please help me install this Skill:
Name: detection-authoring
Download link: https://github.com/msandbu/sentinelday/archive/main.zip#detection-authoring
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.