# Enabling In-Depth Analysis

The CyberCyte portal provides built-in policy rules, but some policies need to be specified manually for accurate analysis. To do so, users need to configure the object and honeypot access policy, the threat monitoring policy, and the file activity tracking policy.

This section covers creating a new policy for "In-Depth Analysis". In the default groups, all the necessary policies are already active and selected.

## Enabling Policies

* **Configuration of Windows Object and Honeypot Access Policy**: This policy is designed for monitoring access to specific objects. CyberCyte uses honeypots for detection, and these accesses can be managed by Windows object and honeypot access rules. Users can trust processes by their signature or path. To edit Windows Object and Honeypot Access Rules, please go to Rules & Policies -> Artifact Collection Parameters -> Windows Object and Honeypot Monitor Rules. That page allows users to edit, create, clone, enable, or disable rules, so they can specify the rules that fit their requirements. With these rules, artifacts are specially analyzed for specific actions.

<figure><img src="/files/9ta5JXN5pd6VDjdNWPjl" alt=""><figcaption></figcaption></figure>

* **Configuration of Windows Threat Monitoring Policy**: This policy is designed for threat monitoring with customization options. Users can specify which rules are used for this policy and can trust processes by their signatures or paths. The portal provides live-action responses that can terminate processes, and these can be enabled in this policy. To edit "Windows Threat Monitoring Rules", please go to "Rules & Policies" -> "Artifact Collection Parameters" -> "Windows Threat Monitoring Rules". That page allows users to edit, create, clone, enable, or disable rules, so they can specify the rules that fit their requirements. With these rules, artifacts are specially analyzed for specific actions.

<figure><img src="/files/OdhOpSypUSJaNKBmQmQt" alt=""><figcaption></figcaption></figure>

* **Configuration of Windows File Activity Tracking Policy**: This policy is designed for threat monitoring with customization options. Users can trust processes by their signature or paths, which is needed for optimizing and enriching the data. Users can also monitor all executable artifact activities and whitelisted artifact activities, and terminate or delete unknown, risky, or malicious files or processes.

<figure><img src="/files/YClkzVlbevEuKvix2Yzr" alt=""><figcaption></figcaption></figure>

## Assigning Policies To The Group

* Please go to Rules & Policies -> Policy Management -> Group Management. Click the three dots on the right side of the group entry and select the "Edit" option. Select the policies to assign and click the "Save" button at the bottom of the page.

<figure><img src="/files/sd1GtWQSU5lN75X7LmB0" alt=""><figcaption></figcaption></figure>

## Enabling Classification Rules for In-Depth Analysis

* Please go to "Rules & Policies" -> "Artifact Classifications" -> "Query-Based Classification". Search for "Windows Object and Honeypot Access", "Threat Monitor" and "File Activity". Enable all the rules displayed in the grid. After the classification rules are enabled, the portal analyzes the data sets, and users can see the results under "Analysis & Investigation" -> "Artifact Analysis".

<figure><img src="/files/7JKcqSEXh0UHKJaiGEBu" alt="" width="284"><figcaption></figcaption></figure>

