Artifact Classification

This page displays the classification rules that the portal is using for the classification of the artifacts. The users can create/edit/clone and edit/delete the rules, based on their requirements. The "priority" column means which rule will be executed last and which one is more important.

• Query Based Classification: This section displays query-based classification rules. The users can create/edit/clone and edit/delete the rules, based on their requirements.

• List Based Classification: This section displays list-based classifications. The users can create/edit/clone and edit/delete the lists, based on their requirements.

• List Types Management: This section displays list types. The users can create a new list type or edit an existing one. For default, a global white list is enabled and it can exclude entries from the sysmon collection.