> For the complete documentation index, see [llms.txt](https://docs.cloudcyte.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.cloudcyte.com/admin-guide/rules-and_policies/artifact_collection_parameters.md). # Artifact Collection Parameters This page is designed for managing Windows Event Log, Windows Sysmon, Windows File Analysis, Threat Detection, Reported E-Mail Searches, and Content Search Rules. * **Windows Event Log Rules**: This section displays Windows event log rules. The users can create, edit, and delete the rules according to their requirements. * **Windows Sysmon Rules**: This section displays Windows Sysmon rules. The users can create, edit, and delete the rules according to their requirements. * **Windows File Analysis**: This section displays Windows file analysis. The users can create, edit, and delete the analysis rule according to their requirements. * **Threat Detection Rules**: This section displays SIGMA rules. The users can create, edit, and delete the analysis rule according to their requirements. These rules are SIGMA rules for Thor analysis. * **Reported E-Mail Searches (Deprecated)**: This section displays reported e-mail searches. If the users report an e-mail, the analysis state can be seen from this section. * **Content Search Rules**: This section is designed for content searching with agents, Teams, or Outlook add-ins. The users can create, edit, and delete rules according to their requirements. * **Windows Threat Monitor Rules**: This section allows users to manage the Windows threat monitor rules. The users can edit, clone, or create a new rule for specific requirements of their own. * **OSQuery Rules:** This section allows users to manage the OSQuery rules for Linux and macOS. The users can edit, clone, or create a new rule for specific requirements of their own. * **Windows Object and Honeypot Monitor Rules**: This section allows users to manage the Windows object and honeypot monitor rules. The users can edit, clone, or create a new rule for specific requirements of their own. * **NMAP Script Scan Results**: This section is allow users to edit NMAP Scripts for network scanning. The users can edit, clone, or create a new rule for specific requirements of their own. * **Windows Security Software Settings**: This section allows users to manage security software detection parameters. The users can edit, clone, or create a new settings for specific requirements of their own. * **Linux/macOS Security Software Settings**: This section allows users to manage security software detection parameters. The users can edit, clone, or create a new settings for specific requirements of their own. * **Semgrep Analysis Rules:** Coming soon. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://docs.cloudcyte.com/admin-guide/rules-and_policies/artifact_collection_parameters.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.