5.5.2. Starting up a GCap

5.5.2.1. Introduction

This procedure describes how to start operating the GCap once it has been configured.


5.5.2.2. Prerequisites

  • User: setup


5.5.2.3. Preliminary operations


5.5.2.4. Procedure to be followed on the GCap

  • Starting the detection engine: see the Managing the detection engine table.

    The system displays the following command prompt:

    [Monitoring DOWN] gcap-name (gcap-cli) 
    

    The command prompt indicates the status of the detection engine: here it is stopped.

  • Enter the following command.

    (gcap-cli) monitoring-engine start
    
  • Validate.

  • Wait for the engine to be up and running.

  • Check the status of the detection engine.

    The system displays the following command prompt:

    [Monitoring UP] gcap-name (gcap-cli) 
    

    The command prompt indicates the status of the detection engine: here it is running.


5.5.2.5. Procedure to be carried out on the GCenter

  • Apply a ruleset to the GCap.

  • Enable or disable the shellcode detection.

  • Enable or disable the PowerShell detection.

  • Configure the Sigflow-specific parameters, namely Base variables, Net variables and File rules management.