1. Activating Policies
CyberCyte agents work with policies. The first step is to review the policies and decide which ones will be applied. Go to Rules & Policies -> Policy Management and make sure the default policies are enabled. Users can enable, disable, edit, or clone a policy, or create a new one.
Please review the policy list. Default rules exist for artifact collection, except for Windows Yara Analysis and Windows Generic Artifact Collection. The current policies can be reviewed, and new ones added, in policy management; the current policies can be used initially. YARA Analysis is explained in detail in the last part of this guide. Some policies, such as YARA/THOR Analysis and Generic Artifact Analysis, have to be configured or created manually because they need to be specified very accurately. To collect Windows artifacts such as Shim Cache, AM Cache, and Prefetch, create a policy with the type "Windows Generic Artifact Analysis."