5.3.4. `Admin/Templates` screen of the Web UI

After pressing the `Templates` command, the following screen is displayed.
[Screenshot: GBOX_TEMPLATES_01.PNG]

| Item | Zone | Function |
| --- | --- | --- |
| 1 | Template creation | This zone enables creating templates that can be used to analyse files accessible to the operator. |
| 2 | Template management | This area (Available templates) enables managing existing templates. |


5.3.4.1. Template Creation Zone

The template creation area consists of 2 parts.

[Screenshot: GBOX_TEMPLATES_02.PNG]

This zone includes:

For implementation, see the Creating an analysis template procedure.


5.3.4.1.1. The Creation of the default template section

This section is made up of the `Default template` and `Quick template` sections.
It enables configuring the templates that can become the default template used by the operator when searching for threats.
The creation phase of these templates is carried out using the elements described below.

Tip

The default template is selected from the existing templates in the `Available templates` zone.

Important

It is essential to ensure that at least one template is defined so that operators can carry out analyses.

| Item | Name | Function |
| --- | --- | --- |
| 1 | `Default template` | This field enables defining the default template (`Default template`). If a default template is defined, its name is displayed. In this example, `Default template: full` indicates that the default template name is full. If no default template is defined then the following message is displayed: `Default template: No default template`. The engines defined in the default template are listed: in this example, these are items (2) to (5). |
| 2 | | In this example, the `Gmalcore` engine (Analyser) is visible and therefore active in the template by default. |
| 3 | | In this example, the `Grip` engine (Analyser) is visible and therefore active in the template by default. |
| 4 | | In this example, the `Gnest` engine (Analyser) is visible and therefore active in the template by default. |
| 5 | | In this example, the `Goasm` engine (Analyser) is visible and therefore active in the template by default. |
| 8 | | The `EDIT TEMPLATE` button enables editing of the default template. It is possible to change the active engines, and configure them. |
| 6 | `Quick template` | This area enables a template to be quickly selected by simply clicking on one of the following 2 buttons: |
| 7 | | The `LIGHT TEMPLATE` button creates a template using only the Gmalcore and Goasm engines, hence the term light template. |
| 9 | | The `FULL TEMPLATE` button creates a template with the active engines, hence the term full template. The parameters for the Grip and Gnest engines are the default parameters. The list of default parameters is provided below. |

Note

There can only be one template designated `light` and one defined as `full`.


5.3.4.1.2. Creating a custom template

| Marker | Name | Function |
| --- | --- | --- |
| 10 | `Template name` | This field enables specifying the name of a custom template. The current template type is listed. In this example, `Default template: full` indicates that the current template is full. |
| 11 | `Gmalcore` | Enables the Gmalcore engine. In the example, the Gmalcore engine is inactive. |
| 12 | `Grip` | Enables the Grip engine. In the example, the Grip engine is inactive. |
| 13 | `Gnest` | Enables the Gnest engine. In the example, the Gnest engine is inactive. |
| 14 | `Goasm` | Enables the Goasm engine. In the example, the Goasm engine is inactive. |
| 15 | `CREATE TEMPLATE` | The `EDIT TEMPLATE` button opens a window for setting the parameters of the template to be created with the pre-selected options. |


5.3.4.1.2.1. Grip settings

The Grip engine must be configured by selecting the type of analysis (`Analysis type`): {light|heavy} to specify the data extracted from the file being analysed.

Note

The default analysis is: light

| Extracted data | light | heavy |
| --- | --- | --- |
| archive size | x | x |
| libraries used | x | x |
| binary entrypoint information | x | x |
| general information | x | x |
| character strings | | x |
| imports / exports | | x |
| sections of the binary | | x |


5.3.4.1.2.2. Gnest parameters

The Gnest engine must be configured for this template:

| Parameter | Meaning | Values | Default values |
| --- | --- | --- | --- |
| `VM` | Choice of active VM. Only the selected VM is activated in this template. The following parameters apply only to the selected VM or to all VMs (choose `any`). | any or default | any |
| `Analysis duration` | Maximum execution time in the VM | 100 s to 300 s | 100 s |
| `Network` | Activating the VM's network interface | None or Internet | None |
| `Memory dump` | Enable or disable the memory dump at the end of the analyses performed by Gnest. Danger, high disk usage. The memory dump can be downloaded from the Reports - List all page from the analysis artefacts. | No or Yes | No |

Warning

Activating the `Memory dump` option means that the entire memory (4GB) is saved to disk.
To avoid saturating disk space, it is best to activate this option on specific templates and not on the default template.
However, it is possible to delete these dumps by removing the artefacts available in the reports or via the API.

5.3.4.2. Template Management Zone

[Screenshot: GBOX_TEMPLATES_03.PNG]

The template management area enables existing templates to be managed.

| Item | Name | Function |
| --- | --- | --- |
| 1 | `full` | This template, whose name is full, is defined as the default template ("Default" field). |
| 4 | | List of active engines in this template; here, in the case of the full template, all engines are enabled. |
| 7 | | Menu for managing this template; in the case of the default template, only the `Edit` command is available. |
| 2 | `light` | This template corresponds to the one referred to as `light`. |
| 5 | | List of active engines in this template; here, in the case of the light template, only the Gmalcore and Goasm engines are enabled. |
| 8 | | Management menu for this template: the `Set as default`, `Edit` and `Remove` commands are available. |
| 3 | `test` | This template is an example of a custom template. |
| 6 | | List of active engines in this template; here, in the case of the light template, only the Gmalcore and Goasm engines are enabled. |
| 9 | | Management menu for this template: the `Set as default`, `Edit` and `Remove` commands are available. |

An analysis template can be deleted by clicking on the `Remove` button.
When an analysis template is deleted, the analyses launched with this template are retained, as is the name of the template at the time of deletion.
For implementation, see the Managing the analysis templates procedure.