4.6.3. Managing the detection engine

| Function per level | setup | gviewadm | gview |
|---|---|---|---|
| Sigflow configuration: display the configuration and the rules | | | |
| Sigflow configuration: display advanced options | N/A | N/A | |
| Sigflow configuration: apply an advanced configuration | N/A | N/A | |
| Sigflow configuration: start the detection engine | N/A | | |
| Sigflow configuration: stop the detection engine | N/A | | |
| Sigflow configuration: display status | N/A | | |
| Traffic generation: replaying a pcap file | N/A | | |

4.6.3.1. Managing the detection engine (advanced functions)
The advanced functions include:
- resource allocation: modification of the distribution of CPUs reserved for the detection engine
- capture interface load balancing: load balancing of captured flows per capture interface, using load balancing methods (algorithm)
- flow filtering: specification of static rules for filtering the flows captured by the capture interfaces
- Sigflow local rules: local modification, on the GCap, of the detection rules used by the Sigflow detection engine to monitor traffic (local_all.rules file)

| Function per level | setup | gviewadm | gview |
|---|---|---|---|
| Resource allocation: display the number of dedicated CPUs | N/A | N/A | |
| Resource allocation: modify the number of dedicated CPUs | N/A | N/A | |
| Load balancing monx capture interface - CPU: show the configuration | N/A | N/A | |
| Load balancing monx capture interface - CPU: modify the configuration | N/A | N/A | |
| Flow filtering: display static rules | N/A | N/A | |
| Flow filtering: specify the static rules | N/A | N/A | |
| Sigflow local rules: display | N/A | N/A | |
| Sigflow local rules: modify | N/A | N/A | |