2.6.3. Intelligence site and GBox
The GCenter enables to analyze the files coming from the GCap probe.
At the end of this analysis made by the different engines of GCenter, this analysis defines different states between healthy and malicious.
For intermediate states (Infected and Suspicious) defined by the Malcore and Retroact engines of the GCenter, a doubt may exist at the end of the analysis.
In order to have a thorough malware analysis, the GCenter can connect:
Either at the Intelligence site (https://intelligence.gatewatcher.com/): see the presentation of Intelligence site
Either to a GBox: see paragraph of Sending files to the GBox
2.6.3.1. Intelligence site
The GCenter sends the files (defined as suspicious or infected) to the Intelligence site.
These files are analyzed by Intelligence engines and the site returns a detailed analysis report per file received.
The analysis report is visible on the GCenter to be read by an analyst.
You must have an Intelligence account to log in.
This account connects multiple GCenters to the Intelligence site.
The connection to the Intelligence site requires configuration.
This is defined in Intelligence site and GBox login configuration screen.
For the implementation of this configuration, see the procedure of Configuring the connection to the Intelligence site.
Files can be sent:
Either manually by the operator directly from the interface (see Send file for external analysis to GCenter).
Or automatically
Upon receipt of the report, it is possible to consult it (see Analysis Report Analysis Procedure).
2.6.3.2. Sending files to the GBox
The GCenter sends the files (defined as suspicious or infected to the GBox, physical equipment installed within the infrastructure.
Files (defined as suspicious or infected) can be sent automatically or manually.
These files are analyzed by the engines defined in the GBox template and the GBox returns a detailed analysis report per file received.
This file is visible on the GCenter to be read by an analyst.
The connection to the GBox requires configuration.
This is defined in the Intelligence site and GBox login configuration screen.
For the implementation of this configuration, see the procedure in Configuring the connection to the GBox.
After this connection, an API (Application Programming Interface) enables to send samples to the GBox for analysis and retrieve the results of the analyses:
Files can be sent:
Either manually by the operator directly from the interface (refer to Send file for external analysis to GCenter)
Or automatically (defined during configuration)
Upon receipt of the report, it is possible to consult it (refer to Analysis Report Analysis Procedure).