2. Updating signatures (Update)

2.1. Update mode

The product can be updated in three different ways depending on the requirements of the information system in which the solution is deployed: Online update, Manual update, and Local update.

2.1.1. Online mode

The online update enables automated updates and reduces administration tasks.

Updates are done automatically from https://update.GATEWATCHER.com and https://gupdate.GATEWATCHER.com.

Note

In the case of scheduled online mode, scheduling applies only to the SigFlow engine. Updates to the Malcore engine are performed every 15 minutes.

2.1.2. Manual mode

Manual update is suitable for isolated environments. The administrator must first manually download the update packages to an administration workstation and then upload them to GCenter via the web interface.

2.1.3. Local mode

In order to meet specific security constraints, GCenter is able to fetch its updates from a local repository.

The steps to configure a local repository are as follows:

  • Prerequisites: A web server listening on port 80

  • Create the following tree structure: "2.5.3.10X/GCenter" depending on the GCenter version (2.5.3.100 or 2.5.3.101). In the following configuration example this tree should be created at the root of the server.

  • Retrieve a gwp file (latest_full.gwp for a GCenter V100, latest_full_v3.gwp for a 2.5.3.101) from https://update.gatewatcher.com/update/

  • In "2.5.3.10X/GCenter", insert the gwp file retrieved previously.

  • In "2.5.3.10X/GCenter", place a sha256sum.txt file that contains a "sha256sum FileName" entry
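The steps above can be scripted on the repository server. The following is an added example, not Gatewatcher's own tooling: the function name `build_gum_repo`, the web root argument, and the use of the standard coreutils `sha256sum` line format for sha256sum.txt are assumptions.

```shell
#!/bin/sh
# Added example: stage a GCenter local update repository under a web root.
# Assumptions (not from the vendor): function name, web root path, and that
# sha256sum.txt uses the standard coreutils "<hash>  <file>" line format.

build_gum_repo() {
    webroot=$1; version=$2; gwp=$3

    # The page names one package per GCenter version.
    case "$version" in
        2.5.3.100) expected=latest_full.gwp ;;
        2.5.3.101) expected=latest_full_v3.gwp ;;
        *) echo "unsupported GCenter version: $version" >&2; return 2 ;;
    esac
    if [ "$(basename "$gwp")" != "$expected" ]; then
        echo "version $version expects $expected" >&2; return 3
    fi
    [ -s "$gwp" ] || { echo "missing or empty package: $gwp" >&2; return 4; }

    # Tree is <webroot>/<version>/GCenter, as described in the steps above.
    dest="$webroot/$version/GCenter"
    mkdir -p "$dest" || return 5
    cp "$gwp" "$dest/$expected" || return 5

    # Write the checksum with a relative file name, then re-verify the
    # staged copy so a truncated copy is caught before GCenter fetches it.
    ( cd "$dest" &&
      sha256sum "$expected" > sha256sum.txt &&
      sha256sum -c sha256sum.txt >/dev/null ) || return 6
    printf '%s\n' "$dest"
}

# Demo on constructed data: sh script.sh --demo
if [ "${1:-}" = "--demo" ]; then
    tmp=$(mktemp -d)
    printf 'constructed placeholder, not a real package\n' > "$tmp/latest_full_v3.gwp"
    build_gum_repo "$tmp/www" 2.5.3.101 "$tmp/latest_full_v3.gwp"
    cat "$tmp/www/2.5.3.101/GCenter/sha256sum.txt"
    rm -rf "$tmp"
fi
```

The function refuses a package whose name does not match the GCenter version, which catches the common mistake of serving latest_full.gwp to a 2.5.3.101 GCenter.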

Example of a sha256sum.txt file

2.2. Configuration

Menu: Administrators > GUM > Config

The GUM menu is used to enter the parameters required for the online or local mode.

The configuration of the update parameters (signature update) is activated by ticking the Enabled box.

The mode can be selected from the list:

The Time of day and Frequency fields define when updates are made.

The URL field specifies the address where GUM should check for updates. In the case of an Online update,

In online mode, an intelligence account is required to download the update package from the site. This username and password must be entered in the Username and Password fields below the address. The URL field is filled in automatically when the Online mode is selected. Update packages are retrieved from the Gatewatcher servers at https://update.GATEWATCHER.com/update/.

In the case of local mode, it is necessary to specify the address of the local repository.

The TRACKWATCH solution also provides the possibility to configure a proxy server to reach this repository. This option can be configured in the [Proxy Settings] section (install.html#proxy-settings).

The form must be validated with the 'Update GUM configuration' button for the information entered to be taken into account.

2.3. Manual update of the engines

Menu: Administrators > GUM > Update

Important

As of version 2.5.3.101, please use the updates marked with a version 3.

All updates are available through our download platform https://update.GATEWATCHER.com. Once the update package is downloaded, the update of the MALCORE and SIGFLOW engines is done on GCENTER.

Three packages can be used to perform the updates manually: the sigflow packages update the detection rules, the malcore packages update the antiviral engines, and the full package updates both engines at the same time.

From the GCENTER web interface, in the GUM/Updates section, the administrator is able to drop the update package and apply it by selecting Apply.

2.4. Checking for updates

Menu: Home Page

The date of the last update of the Sigflow and Malcore engines is visible directly from the HomePage, accessible by clicking on the Gatewatcher logo at the top of the left-hand menu.