2. Overall operation

The GCap captures network flows and performs part of the analysis. A GCap is connected to a switch with a port mirror or to a TAP mirroring the network flow. One or more GCaps can be deployed within an infrastructure, locally or at remote sites. The GCaps are connected to a GCenter management appliance.

_images/FGLOBAL.png

The GCenter analyzes the information reported by the GCaps, stores it, and provides the interfaces for configuration, reporting and the export of information to a SIEM. Probe or Probe-related components will be deployed within the Customer Network, Customer Admin Network, Enclave, or Probe Service Information System. Authorization to escalate data to the detection service is under the exclusive control of the client.

_images/USB.png

Below is a flow matrix for the GCap and GCenter solutions:

_images/InfraD1.png

There is no particular restriction on the management interfaces of the GCenter and GCap, except that the interfaces [VPN0] and [GCP0] must be used for the transit of captured data via an IPsec tunnel.

_images/InfraD.png