2.6.3. Intelligence site and GBox

The GCenter enables to analyze the files coming from the GCap probe.
At the end of this analysis made by the different engines of GCenter, this analysis defines different states between healthy and malicious.
For intermediate states (Infected and Suspicious) defined by the Malcore and Retroact engines of the GCenter, a doubt may exist at the end of the analysis.
In order to have a thorough malware analysis, the GCenter can connect:

2.6.3.1. Intelligence site

The GCenter sends the files (defined as suspicious or infected) to the Intelligence site.
These files are analyzed by Intelligence engines and the site returns a detailed analysis report per file received.
The analysis report is visible on the GCenter to be read by an analyst.
You must have an Intelligence account to log in.
This account connects multiple GCenters to the Intelligence site.
The connection to the Intelligence site requires configuration.
For the implementation of this configuration, see the procedure of Configuring the connection to the Intelligence site.

Files can be sent:

Upon receipt of the report, it is possible to consult it (see Analysis Report Analysis Procedure).


2.6.3.2. Sending files to the GBox

The GCenter sends the files (defined as suspicious or infected to the GBox, physical equipment installed within the infrastructure.
Files (defined as suspicious or infected) can be sent automatically or manually.
These files are analyzed by the engines defined in the GBox template and the GBox returns a detailed analysis report per file received.
This file is visible on the GCenter to be read by an analyst.
The connection to the GBox requires configuration.
For the implementation of this configuration, see the procedure in Configuring the connection to the GBox.
After this connection, an API (Application Programming Interface) enables to send samples to the GBox for analysis and retrieve the results of the analyses:
Files can be sent:

Upon receipt of the report, it is possible to consult it (refer to Analysis Report Analysis Procedure).