9.2.3. Procedure to analyse the engines monitoring
9.2.3.1. Introduction
9.2.3.2. Prerequisites
User: member of Administrators Group
9.2.3.3. Preliminary operations
Connect to the GBox via a browser (see Connection to the web interface via a browser).
9.2.3.4. How to access the `Analysers` screen
When the `Analysers` command is pressed, the following screen is displayed.
Marker |
Engine |
Engine function |
|---|---|---|
1 |
Static analysis |
|
2 |
Shellcode detection |
|
3 |
Domain name detection |
|
4 |
Dynamic analysis within a virtual machine |
|
5 |
Static and heuristic analysis |
The following information is displayed for each engine:
Marker |
Name |
Grip Engine |
Goasm Enging |
Gdgadetect Enging |
Gnest Engine |
Gmalcore Engine |
|---|---|---|---|---|---|---|
1 |
Type |
Static analysis |
Shell code detection |
Detection of domain names generated by the Domain Generation Algorithm (DGA) |
Executes the file in a virtual machine and analyses its behaviour |
Static and multi-engine heuristic analysis |
2 |
Capabilities |
Analysis |
Provides a score for the potential danger and names the shellcode detected |
Provides a compromise score |
Names the problem detected |
Provides a score for the potential danger and names the problem detected |
3 |
Config |
Not configurable, so this field is not displayed |
Virtual machine management - adding, deleting, logging |
Gmalcore engine management |
||
4 |
x jobs : number of tasks in progress (analysis status NEW + IN PROGRESS) |
Number of jobs awaiting processing |
||||
5 |
Ability to carry out analyses |
This engine has no requirements, so it is always in the |
The engine is in the
`ready` state if there is the same number of VMs in the GBox.and in CAPE - the dynamic analysis engine
|
The engine is in the
`ready` state if all the engines are installed.and the API is up
|
||
6 |
Engine status |
UP : engine api is listening : DOWN : engine api is not active |
||||
`Analysers` command is pressed, the following screen is displayed.
Marker |
Engine |
Engine function |
|---|---|---|
1 |
static analysis |
|
2 |
Shellcode detection |
|
3 |
Domain name detection |
|
4 |
Dynamic analysis in a virtual machine |
|
5 |
Static and Heuristic Analysis |
The following information is displayed for each engine:
Marker |
Name |
|---|---|
1 |
Type |
2 |
Capacities |
3 |
Config, only available for certain engines |
4 |
x jobs |
5 |
Status |
6 |
Engine status |
9.2.3.5. Procedure for checking that engines are in good condition
Check whether each motor is in the
`UP`status.
Astuce
If the engine status (Grip, Goasm, Gdgadetect or Gnest) is`DOWN`, wait a moment.If the engine remains in the`DOWN`status, contact Gatewatcher support.
Check whether each motor is in the
`Ready`status.
Astuce
`Not Ready`status for the Gmalcore engine does ** not necessarily indicate that the engine is unable to perform scans, but it does indicate that at least one of the 16 antivirus engines is out of date or out of service.
Check that the Gmalcore engines are in good condition: see the Procédure to configure the Gmalcore engine.
9.2.3.6. Procedure for updating Gnest and Gmalcore engines
Gmalcore packages (latest_malcore): these packages only contain updates to the antivirus engines and databases used by Malcore.
Sandbox packages (latest_sandbox): these packages contain updates to the signatures and modules used by the Gnest engine sandboxes.
Complete packages (latest_full): these packages are a combination of the two previous packages.
These packages can be installed:
If installation needs to be done manually, see the Manual installation of a signature update procedure.
If installation needs to be made automatically, see the Configuring automatic updates via GUM procedure.