2.6.1. Introduction

The GCenter can connect with external equipment such as:

• A Malware Information Sharing Platform server (MISP).

  The MISP server allows to retrieve the Compromise Indices in the form of detection rules usable by Sigflow.

  For more information, see the presentation of MISP Server.
• Gatewatcher Intelligence site or GBox server.

  This equipment allows a thorough analysis of malware detected by the GCenter.

  The GCenter sends the files (defined as suspicious or infected) and receives an analysis report.

  For more information, see the presentation of Intelligence site and GBox.
• SYSLOG servers via the syslog protocol.

  These servers (SIEM, SPLUNK, LOGSTASH) import the detection data from the GCenter for centralization of this information.

  For more information, see the overview of Syslog servers.
• A Netdata server via the Netdata export interface.

  The Netdata interface exports system state data to an external Netdata server.
  For more information, see the presentation of Netdata server.
• A Nagios monitoring server via the Netdata polling interface.

  The `Netdata polling` part enables access to data for a Nagios type monitoring server: it reads the information on the input interface.

  For more information, see the presentation of Access for a monitoring server.

---