Artifact Collection Parameters

This page is designed for managing the artifact collection rule sets: Windows Event Log, Windows Sysmon, Windows File Analysis, Threat Detection, Reported E-Mail Searches, Content Search, Windows Threat Monitor, OSQuery, Windows Object and Honeypot Monitor, and NMAP script rules.

  • Windows Event Log Rules: This section displays the Windows event log rules. Users can create, edit, and delete rules according to their requirements.

  • Windows Sysmon Rules: This section displays the Windows Sysmon rules. Users can create, edit, and delete rules according to their requirements.

  • Windows File Analysis: This section displays the Windows file analysis rules. Users can create, edit, and delete analysis rules according to their requirements.

  • Threat Detection Rules: This section displays the SIGMA rules used for Thor analysis. Users can create, edit, and delete these rules according to their requirements.

  • Reported E-Mail Searches: This section displays reported e-mail searches. When a user reports an e-mail, the state of its analysis can be followed from this section.

  • Content Search Rules: This section is designed for content searching with agents, Teams, or Outlook add-ins. Users can create, edit, and delete rules according to their requirements.

  • Windows Threat Monitor Rules: This section allows users to manage the Windows threat monitor rules. Users can edit or clone an existing rule, or create a new one for their own requirements.

  • OSQuery Rules: This section allows users to manage the OSQuery rules for Linux and macOS. Users can edit or clone an existing rule, or create a new one for their own requirements.

  • Windows Object and Honeypot Monitor Rules: This section allows users to manage the Windows object and honeypot monitor rules. Users can edit or clone an existing rule, or create a new one for their own requirements.

  • Windows Object and Honeypot Monitor Rules: This section allows users to edit the NMAP scripts used for network scanning. Users can edit or clone an existing rule, or create a new one for their own requirements.
