Advanced hunting context panes are now available in custom detection experiences
January 2025
- (Preview) Users with provisioned access to Microsoft Purview Insider Risk Management can now view and manage insider risk management alerts and hunt for insider risk management events and behaviors in the Microsoft Defender portal. For more information, see Investigate insider risk threats in the Microsoft Defender portal with insights from Microsoft Purview Insider Risk Management.
- (GA) Advanced hunting context panes are now available in custom detection experiences. This allows you to access the advanced hunting feature without leaving your current workflow.
  - For incidents and alerts generated by custom detections, you can select Run query to explore the results of the related custom detection.
  - In the custom detection wizard's Set rule logic step, you can select View query results to verify the results of the query you are about to set.
- (GA) The Link to incident feature in Microsoft Defender advanced hunting now allows linking of Microsoft Sentinel query results. In both the Microsoft Defender unified experience and in Defender XDR advanced hunting, you can now specify whether an entity is an impacted asset or related evidence.
- (GA) Migrating custom detection queries to Continuous (near real-time or NRT) frequency is now generally available in advanced hunting. Using the Continuous (NRT) frequency increases your organization's ability to identify threats faster. It has minimal to no impact on your resource usage and should therefore be considered for any qualified custom detection rule in your organization. Migrate compatible KQL queries by following the steps in Continuous (NRT) frequency.