8.3. Procedure to put a GCap into operation

A - Introduction

This procedure describes how to put the GCap into operation once it has been configured.

To complete this procedure, carry out all the steps described in the following sections:


B - Prerequisites

  • User: setup


C - Preliminary operations

  1. Perform the Procedure to configure the GCap for the first connection

  2. Activate the required `monx` capture interfaces: refer to Procedure to manage the `monx` capture interface settings


D - Procedure to be followed on the GCap

  1. Start the detection engine: refer to Manage the detection engine table
    Before the engine is started, the system displays the following command prompt:
    [Monitoring DOWN] gcap-name (gcap-cli)
    
    The command prompt indicates the status of the detection engine: here it is stopped.
  2. Enter the command
    monitoring-engine start
    
  3. Validate the command
  4. Wait for the engine to be up and running
  5. Check the status of the detection engine
    The system displays the following command prompt:
    [Monitoring UP] gcap-name (gcap-cli)
    
    The command prompt indicates the status of the detection engine: here it is started.
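
As an added example, not part of the GCap documentation or of the gcap-cli itself, the following POSIX shell script shows how steps 4 and 5 can be automated instead of watching the prompt by hand: it derives the engine status from the prompt format shown above and polls a status source until the prompt reports UP or a maximum number of polls is reached. The status source used here (`fake_prompt`) is a constructed stand-in that reports DOWN twice and then UP; this page does not name a gcap-cli command that prints the prompt non-interactively, so on a real GCap you would substitute whatever command returns the current prompt.

```sh
#!/bin/sh
# Added example: helper functions for steps 4 and 5 of the procedure above.
# Not part of the GCap or gcap-cli; it only relies on the prompt format shown
# on this page, "[Monitoring UP] gcap-name (gcap-cli)" / "[Monitoring DOWN] ...".

# prompt_status LINE
# Prints UP, DOWN or UNKNOWN for one gcap-cli prompt line.
# Exit status is 0 only when the engine is UP, so it can be used in conditions.
# Matching is done on the "Monitoring UP/DOWN" words so it tolerates the
# presence or absence of the surrounding brackets.
prompt_status() {
  case "$1" in
    *"Monitoring UP"*)   echo UP;      return 0 ;;
    *"Monitoring DOWN"*) echo DOWN;    return 1 ;;
    *)                   echo UNKNOWN; return 2 ;;
  esac
}

# wait_for_engine MAX_POLLS INTERVAL_S CMD [ARGS...]
# Polls CMD (which must print the current gcap-cli prompt) up to MAX_POLLS
# times, INTERVAL_S seconds apart. Returns 0 as soon as the prompt reports UP,
# 1 if the engine is still not UP after the last poll (timeout).
wait_for_engine() {
  max_polls=$1
  interval=$2
  shift 2
  polls=0
  while [ "$polls" -lt "$max_polls" ]; do
    polls=$((polls + 1))
    if prompt_status "$("$@")" >/dev/null; then
      return 0
    fi
    if [ "$polls" -lt "$max_polls" ]; then
      sleep "$interval"
    fi
  done
  return 1
}

# Constructed stand-in for a real status source (assumption: the page names no
# gcap-cli command that prints the prompt non-interactively). It reports DOWN
# on the first two polls and UP from the third one on. A file holds the poll
# counter because each poll runs in a command substitution, i.e. a subshell.
STATE_FILE=$(mktemp)
echo 0 > "$STATE_FILE"
trap 'rm -f "$STATE_FILE"' EXIT
fake_prompt() {
  n=$(( $(cat "$STATE_FILE") + 1 ))
  echo "$n" > "$STATE_FILE"
  if [ "$n" -le 2 ]; then
    echo "[Monitoring DOWN] gcap-name (gcap-cli)"
  else
    echo "[Monitoring UP] gcap-name (gcap-cli)"
  fi
}

# Usage: give up after 30 polls. On a real GCap an interval of a few seconds
# is sensible; 0 is used here so the constructed stand-in runs instantly.
if wait_for_engine 30 0 fake_prompt; then
  echo "detection engine is UP after $(cat "$STATE_FILE") poll(s)"
else
  echo "detection engine still not UP after 30 polls" >&2
fi
```

The two checks are kept separate on purpose: `prompt_status` is a pure function of one prompt line and can be unit-tested, while `wait_for_engine` owns the retry and timeout policy, so the timeout case (step 4 never completing) ends in a non-zero exit status rather than an endless loop.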

E - Procedure to be carried out on the GCenter

  1. Apply a ruleset to the GCap

  2. Enable or disable shellcode detection

  3. Enable or disable PowerShell detection

  4. Configure the Sigflow specific parameters, namely Base variables, Net variables and File rules management