Bert-JanP / Hunting-Queries-Detection-Rules

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.
https://kqlquery.com
BSD 3-Clause "New" or "Revised" License

Microsoft Defender Issue #43

Closed taremooo closed 3 months ago

taremooo commented 3 months ago

My organization's Microsoft Defender custom detection rules have all disappeared, and about half of our blocked IOCs have vanished as well. I'd like to know if this is peculiar to anyone and if there is a solution?


Bert-JanP commented 3 months ago

Hi, I am not aware of this issue. If you have enabled UAL for MDE, you can view what caused this activity. If there is no entry and the UAL activities are enabled, I suggest creating a support ticket for MS Support to investigate this particular issue. Both Indicator and custom detection rule deletions/changes (and creations) are logged in UAL.