Microsoft is now rolling out its real-time custom detections feature, dubbed “Continuous” or “NRT”, for public preview. NRT or near real-time, as the name suggests, will essentially allow users to set the frequency of their custom detection in Microsoft 365 Defender so that threats can be detected in near real-time and dealt with immediately. This Continous (NRT) rule can be set in the frequency dropdown available in the Custom Detection wizard (image below). The previous options included Every hour, Every 3 hours, Every 12 hours, and Every 24 hours.
Tali Ash, who is the Senior Product Manager for Microsoft 365 Defender, announced it in a new Tech Community blog post. She writes:
To address the need for faster detections and response, we are thrilled to announce that you can now create custom detection rules that run in near real-time, in addition to existing frequencies ranging from every 24 hours to every hour. These detections can be integrated with the broad set of Microsoft 365 Defender across email, endpoint, and identity, leading to faster response times and faster mitigation of threats.
This means your custom logic will run and evaluate all available signals and alerts faster than ever before and will trigger your predefined response action immediately, once a match is detected.
This new frequency will be available in Microsoft 365 Defender as Continuous (NRT).
Ash says that the custom real-time detections will especially be helpful in detecting the most recent security vulnerabilities. You can find more details about Continuous (NRT) feature in the official blog post here.