Artifact Collection Parameters
This page is used to manage Windows Event Log, Windows Sysmon, Windows File Analysis, Threat Detection, Reported E-Mail Search, and Content Search rules, along with the other collection and detection parameters listed below.
Windows Event Log Rules: This section displays the Windows event log rules. Users can create, edit, and delete rules according to their requirements.

Windows Sysmon Rules: This section displays the Windows Sysmon rules. Users can create, edit, and delete rules according to their requirements.

Windows File Analysis: This section displays the Windows file analysis rules. Users can create, edit, and delete analysis rules according to their requirements.

Threat Detection Rules: This section displays the SIGMA rules used for Thor analysis. Users can create, edit, and delete rules according to their requirements.

Reported E-Mail Searches (Deprecated): This section displays reported e-mail searches. When a user reports an e-mail, its analysis state can be viewed in this section.

Content Search Rules: This section is used for content searching with agents, Teams, or Outlook add-ins. Users can create, edit, and delete rules according to their requirements.

Windows Threat Monitor Rules: This section allows users to manage the Windows threat monitor rules. Users can edit, clone, or create a new rule for their own specific requirements.

OSQuery Rules: This section allows users to manage the OSQuery rules for Linux and macOS. Users can edit, clone, or create a new rule for their own specific requirements.

Windows Object and Honeypot Monitor Rules: This section allows users to manage the Windows object and honeypot monitor rules. Users can edit, clone, or create a new rule for their own specific requirements.

NMAP Script Scan Results: This section allows users to edit the NMAP scripts used for network scanning. Users can edit, clone, or create a new rule for their own specific requirements.

Agentless Windows Collection Rules: This section allows users to manage the agentless Windows collection rules. Users can edit, clone, or create a new rule for their own specific requirements.

Agentless Linux Collection Rules: This section allows users to manage the agentless Linux collection rules. Users can edit, clone, or create a new rule for their own specific requirements.

Windows Security Software Settings: This section allows users to manage the security software detection parameters for Windows. Users can edit, clone, or create new settings for their own specific requirements.

Linux/macOS Security Software Settings: This section allows users to manage the security software detection parameters for Linux and macOS. Users can edit, clone, or create new settings for their own specific requirements.