Artifact Collection Parameters
This page is designed for managing Windows Event Log, Windows Sysmon, Windows File Analysis, Threat Detection, Reported E-Mail Searches, and Content Search Rules.
Windows Event Log Rules: This section displays the Windows event log rules. Users can create, edit, and delete rules according to their requirements.
Windows Sysmon Rules: This section displays the Windows Sysmon rules. Users can create, edit, and delete rules according to their requirements.
Windows File Analysis: This section displays the Windows file analysis rules. Users can create, edit, and delete analysis rules according to their requirements.
Threat Detection Rules: This section displays SIGMA rules, which are used for Thor analysis. Users can create, edit, and delete rules according to their requirements.
Reported E-Mail Searches: This section displays reported e-mail searches. When a user reports an e-mail, its analysis state can be viewed in this section.
Content Search Rules: This section is designed for content searching with agents, Teams, or Outlook add-ins. Users can create, edit, and delete rules according to their requirements.
Windows Threat Monitor Rules: This section allows users to manage the Windows threat monitor rules. Users can edit or clone an existing rule, or create a new rule for their own specific requirements.
osquery Rules: This section allows users to manage the osquery rules for Linux and macOS. Users can edit or clone an existing rule, or create a new rule for their own specific requirements.
Windows Object and Honeypot Monitor Rules: This section allows users to manage the Windows object and honeypot monitor rules. Users can edit or clone an existing rule, or create a new rule for their own specific requirements.