# Utilizing the Platform Effectively and Interpreting the Artifact Analysis Results

* Once the SIGMA & YARA results are available, using classification rules and lists for whitelisting the artifacts is recommended. Using hash values, signing company, image, and parent image path enables fast classification. Using wildcards for certain paths also simplifies the whitelisting process.
* YARA results help identify risky files that sit passively on the system, but they can also create false positives. Digital signature information is added for every file. Using the signer information in the classification rules can minimize the number of false positives.
* After whitelisting, creating a notification template and enabling the "Notify on Match" rules in Sysmon is recommended. When a process that is unknown to threat intelligence performs a risky behavior, it will be identified.
* A generic notification template can be used to send a notification when a malicious artifact is identified. The malicious activity rule is sufficient to assign the template to "All Artifact." To get a more detailed notification, use artifact-specific classification rules.
* Windows Security Controls are used to secure the Windows endpoints. Creating a classification rule to identify which security controls will be omitted is recommended. A template is provided; it can be cloned, and the controls can be selected. Once the controls are identified, creating a test group, applying the security controls to the test devices, and monitoring for a week is recommended. After this initial monitoring, the controls can be applied to the endpoints first and then to the servers.
* Commonly used security software packages can be deployed by the platform. An automated job can be created to install the security software on endpoints where it is not yet deployed.
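
The allowlisting logic described in the first two bullets, sketched as an added Python example (not the platform's own code or rule format). The rule keys, the `signature_valid` field, the signer name, paths, and hashes are all constructed assumptions; the point is that a rule should require every listed condition, treat path wildcards case-insensitively, and count a signer only when the signature is valid.

```python
from fnmatch import fnmatchcase

# Hypothetical rule format for illustration; all values are constructed.
# Every condition present in a rule must match for the artifact to be allowlisted.
ALLOW_RULES = [
    {"name": "vendor-updater",
     "signer": "Example Software Ltd",
     "image": r"C:\Program Files\ExampleApp\*\updater.exe",
     "parent_image": r"C:\Windows\System32\services.exe"},
    {"name": "pinned-admin-tool", "sha256": "ab" * 32},
]
WILDCARD_FIELDS = ("image", "parent_image")
EXACT_FIELDS = ("sha256", "signer")

def _matches(rule, artifact):
    conditions = 0
    for field in EXACT_FIELDS + WILDCARD_FIELDS:
        if field not in rule:
            continue
        conditions += 1
        expected = rule[field].lower()
        actual = (artifact.get(field) or "").lower()
        if field == "signer" and not artifact.get("signature_valid"):
            return False  # a signer name counts only with a valid signature
        if field in WILDCARD_FIELDS:
            if not fnmatchcase(actual, expected):  # Windows paths: case-insensitive
                return False
        elif actual != expected:
            return False
    return conditions > 0  # an empty rule must never allowlist everything

def classify(artifact, rules=ALLOW_RULES):
    """Return the name of the first matching allow rule, or None to keep the alert."""
    for rule in rules:
        if _matches(rule, artifact):
            return rule["name"]
    return None

# Constructed sample artifacts (Sysmon-style process fields).
UPDATER = {"sha256": "cd" * 32, "signer": "Example Software Ltd",
           "signature_valid": True,
           "image": r"c:\program files\ExampleApp\4.2.1\updater.exe",
           "parent_image": r"C:\Windows\System32\services.exe"}
ODD_PARENT = dict(UPDATER, parent_image=r"C:\Program Files\Office\WINWORD.EXE")
UNSIGNED_COPY = dict(UPDATER, signer=None, signature_valid=False)
PINNED = {"sha256": "AB" * 32, "image": r"C:\Tools\admin.exe"}

if __name__ == "__main__":
    for a in (UPDATER, ODD_PARENT, UNSIGNED_COPY, PINNED):
        print(a["image"], "->", classify(a))
```

The unsigned copy and the unexpected parent both stay unclassified even though the image path matches the wildcard, which is why a path wildcard is best paired with a signer or parent image condition.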
