GCenter documentation V101
Last update 04/10/2024

Release Notes

  • 1. Upgrade Path
  • 2. Release Notes

Setup

  • 1. Presentation of the equipment
    • 1.1. GCenter
    • 1.2. GCAP
  • 2. Flow Matrix
  • 3. Example of architectures
  • 4. Configuration
    • 4.1. Initial configuration
    • 4.2. Global configuration
      • 4.2.1. Global Settings
      • 4.2.2. Proxy Settings
      • 4.2.3. SSL Settings
      • 4.2.4. Session age settings
      • 4.2.5. Licenses

GCap

  • 1. Presentation
  • 2. Pairing
    • 2.1. Add a GCAP
    • 2.2. Re-pairing a GCAP
    • 2.3. Delete a GCAP
  • 3. Configuration
    • 3.1. Details of a GCAP
    • 3.2. Set a default profile

GUM

  • 1. Upgrade
    • 1.1. Hotfix
    • 1.2. Upgrade
  • 2. Updating signatures (Update)
    • 2.1. Update mode
      • 2.1.1. Online mode
      • 2.1.2. Manual mode
      • 2.1.3. Local mode
    • 2.2. Configuration
    • 2.3. Manual update of the engines
    • 2.4. Checking for updates

Malcore

  • 1. Presentation
  • 2. Configuration
    • 2.1. Global settings
    • 2.2. Profiles
    • 2.3. Exception list
  • 3. Detection
    • 3.1. Inspectra
    • 3.2. Dashboards
  • 4. Generated events
    • 4.1. Example of a log
    • 4.2. Summary table of the fields
  • 5. Detection by gscan

Codebreaker

  • 1. Presentation
  • 2. Detection
  • 3. Generated events
    • 3.1. Codebreaker Shellcode
      • 3.1.1. Example of a Codebreaker Shellcode log
      • 3.1.2. Table summarising the Codebreaker Shellcode fields
    • 3.2. Codebreaker Powershell
      • 3.2.1. Codebreaker Powershell event modifications
      • 3.2.2. Example of Codebreaker Powershell log
      • 3.2.3. Table summarising the Codebreaker Powershell fields
  • 4. GScan
    • 4.1. Shellcode Scanning
    • 4.2. Powershell Scanning
    • 4.3. History

Sigflow

  • 1. Presentation
  • 2. GCAP Profiles
    • 2.1. Detection Rulesets
      • 2.1.1. Single-tenant
      • 2.1.2. Multi-tenant by interface
      • 2.1.3. Multi-tenant by vlan
    • 2.2. Base variables
      • 2.2.1. Base Variables - General
      • 2.2.2. Base Variables - Stream
      • 2.2.3. Base Variables - Parsing
    • 2.3. Net variables
    • 2.4. Flow timeouts
    • 2.5. File rules management
    • 2.6. Packet filtering
  • 3. Rules management
    • 3.1. Sources
    • 3.2. Rulesets
      • 3.2.1. Optimisation of rulesets
    • 3.3. Changing signatures
      • 3.3.1. Definition of signatures
    • 3.4. Generating rulesets
    • 3.5. Secret Local Rule
  • 4. Detection
    • 4.1. SmartMap
    • 4.2. Kibana Dashboard
  • 5. Generated events
    • 5.1. Document type "alert"
    • 5.2. Document type "fileinfo"
    • 5.3. Metadata document

Machine Learning

  • 1. Introduction to the DGA Algorithm
  • 2. Activation
  • 3. Exception list
  • 4. Generated events

External integration

  • 1. MISP (Malware Information Sharing Platform)
  • 2. Hurukai (by HarfangLab)
  • 3. Intelligence
    • 3.1. External
    • 3.2. GBox
  • 4. Syslog
    • 4.1. Syslog configuration
      • 4.1.1. General settings
      • 4.1.2. Filtering
      • 4.1.3. Encryption
    • 4.2. Logstash
      • 4.2.1. Configuring Logstash data export
      • 4.2.2. Logstash pipeline
      • 4.2.3. Quick POC
    • 4.3. Splunk
      • 4.3.1. Configuring Splunk data export
      • 4.3.2. Installing the TA
      • 4.3.3. Configuring data reception
      • 4.3.4. Composition of the TA
        • 4.3.4.1. props.conf
        • 4.3.4.2. transforms.conf
        • 4.3.4.3. eventtype.conf
        • 4.3.4.4. tags.conf
  • 5. Using the GCENTER API
    • 5.1. Use via swagger
    • 5.2. Use via CURL
    • 5.3. Use via python package
      • 5.3.1. Installation
      • 5.3.2. Use
        • 5.3.2.1. Import
        • 5.3.2.2. Documentation
        • 5.3.2.3. List the library functions
        • 5.3.2.4. Authentication
        • 5.3.2.5. Elasticsearch query
        • 5.3.2.6. Alerts
        • 5.3.2.7. Data export
        • 5.3.2.8. Gcap Profiles
        • 5.3.2.9. Licence
        • 5.3.2.10. Network
        • 5.3.2.11. Malcore
        • 5.3.2.12. Sigflow
        • 5.3.2.13. Status
        • 5.3.2.14. User

Supervision

  • 1. Home Page
  • 2. Embedded Dashboards
  • 3. Nagios
  • 4. Netdata
    • 4.1. Netdata export
      • 4.1.1. Netdata - General settings
      • 4.1.2. Netdata - Encryption
  • 5. Using a NETDATA server
    • 5.1. Installation via docker
    • 5.2. Configuration
    • 5.3. Creating alerts for Netdata

User management

  • 1. Local users
  • 2. LDAP Integration / ActiveDirectory
  • 3. Audit trail
    • 3.1. Authentication history
      • 3.1.1. Creations/Deletions history
      • 3.1.2. Permissions history

Backup / Restore

  • 1. Configuration
    • 1.1. Operations

Maintenance

  • 1. Data Management
    • 1.1. Data deletion
  • 2. Diagnostics
    • 2.1. Log files
  • 3. Solution logs
  • 4. Emergency mode
  • 5. GApps management

MPL: Details

  • 1. MPL: reminders
  • 2. MPL applied to GCENTER
    • 2.1. Automatic action
      • 2.1.1. Strengthening (GRsec, binaries, PAX, and modules)
      • 2.1.2. GScan Service
      • 2.1.3. USB Port
      • 2.1.4. Hotfix upgrade
    • 2.2. Manual action
      • 2.2.1. AD/LDAP account
      • 2.2.2. IDRAC Disabled
      • 2.2.3. Separation of interfaces
      • 2.2.4. Offline Update
      • 2.2.5. Certificate integration
      • 2.2.6. Groups


© Copyright 2024, Gatewatcher.