GCenter Documentation V102
Last update 09/10/2024, Version 4

Table of contents

  • 1. Description
    • 1.1. Introduction
    • 1.2. Overview of the TAP
    • 1.3. Presentation of the GCap
    • 1.4. Presentation of the GCenter
      • 1.4.1. Different server models
      • 1.4.2. List of the GCenter inputs / outputs
        • 1.4.2.1. Use of USB and VGA connectors
        • 1.4.2.2. Access to the server's management and configuration interface
        • 1.4.2.3. `MGMT0` and `VPN0` network interfaces
        • 1.4.2.4. Network interfaces `ICAP0` and `SUP0`
        • 1.4.2.5. Electrical connection
        • 1.4.2.6. USB connector and LUKS key
      • 1.4.3. Failure of GCenter
    • 1.5. Presentation of the GBox
    • 1.6. Interconnection between devices
      • 1.6.1. Viewing communication flows
      • 1.6.2. Example of architectures
        • 1.6.2.1. Detection architecture diagram
        • 1.6.2.2. MPL 1 (PDIS 1 architecture diagram)
        • 1.6.2.3. MPL 2 (PDIS 2 architecture diagram)
  • 2. Operation
    • 2.1. Detection Engines
      • 2.1.1. Malcore engine
        • 2.1.1.1. Presentation
        • 2.1.1.2. Events generated
          • 2.1.1.2.1. Example of a Malcore alert in the webui
          • 2.1.1.2.2. Malcore log example
          • 2.1.1.2.3. Malcore log data structure
            • 2.1.1.2.3.1. The header part of Malcore logs
            • 2.1.1.2.3.2. The source part of Malcore logs
            • 2.1.1.2.3.3. The fields part of Malcore logs
        • 2.1.1.3. View the status of Malcore
        • 2.1.1.4. Update of malcore
        • 2.1.1.5. Gmalcore status and configuration
      • 2.1.2. Codebreaker Engine
        • 2.1.2.1. Presentation
        • 2.1.2.2. Events generated
          • 2.1.2.2.1. Codebreaker Shellcode
            • 2.1.2.2.1.1. Example of a Codebreaker Shellcode alert in the WebUI
              • Example of a Codebreaker Shellcode log
            • 2.1.2.2.1.2. Codebreaker Shellcode log data structure
              • The header part of the Codebreaker Shellcode logs
              • The source part of the Codebreaker Shellcode logs
              • The fields part of the Codebreaker Shellcode logs
          • 2.1.2.2.2. Codebreaker Powershell
            • 2.1.2.2.2.1. Example of a Codebreaker Powershell alert in the WebUI
            • 2.1.2.2.2.2. Codebreaker Powershell log example
            • 2.1.2.2.2.3. Codebreaker Powershell log data structure
              • The header part of the Codebreaker Powershell logs
              • The source part of the Codebreaker Powershell logs
              • The fields part of the Codebreaker Powershell logs
        • 2.1.2.3. Viewing the status of Codebreaker
        • 2.1.2.4. Codebreaker update
        • 2.1.2.5. Codebreaker Configuration
      • 2.1.3. Sigflow engine
        • 2.1.3.1. Presentation
        • 2.1.3.2. Organizing the rules
        • 2.1.3.3. Sigflow engine signature sources
        • 2.1.3.4. Rulesets
          • 2.1.3.4.1. Optimization of rulesets
          • 2.1.3.4.2. Changing signatures
            • 2.1.3.4.2.1. Definition of signatures
          • 2.1.3.4.3. Generating rulesets
            • 2.1.3.4.3.1. Secret Local Rule
        • 2.1.3.5. GCAP Profiles
          • 2.1.3.5.1. Detection Rulesets
            • 2.1.3.5.1.1. Single-tenant
            • 2.1.3.5.1.2. Multi-tenant by interface
            • 2.1.3.5.1.3. Multi-tenant by vlan
          • 2.1.3.5.2. Base variables
            • 2.1.3.5.2.1. Stream analysis and file extraction
            • 2.1.3.5.2.2. HTTP Proxy
            • 2.1.3.5.2.3. Payload
            • 2.1.3.5.2.4. Community ID
            • 2.1.3.5.2.5. Alerting and logging
          • 2.1.3.5.3. Net variables
          • 2.1.3.5.4. Flow timeouts
          • 2.1.3.5.5. Files rules management
          • 2.1.3.5.6. Packet filtering
        • 2.1.3.6. Events generated
          • 2.1.3.6.1. Example and log structure (Events) Sigflow
            • 2.1.3.6.1.1. Example of a Sigflow log
            • 2.1.3.6.1.2. Structure of sigflow logs
              • The header part of the sigflow logs
              • The source part of the sigflow logs
              • The fields part of the sigflow logs
          • 2.1.3.6.2. Events of type "alert"
            • 2.1.3.6.2.1. Example of "alert" Sigflow events in the webui
            • 2.1.3.6.2.2. Log data of type "alert"
            • 2.1.3.6.2.3. Counters of the source part of Sigflow logs of alert type
          • 2.1.3.6.3. Events of type "fileinfo"
          • 2.1.3.6.4. Events of type "meta-data"
            • 2.1.3.6.4.1. List of fields present in all alerts with event_type != ["alert", "fileinfo", "stats"]
            • 2.1.3.6.4.2. List of protocols compatible with logging (event_type field)
            • 2.1.3.6.4.3. Metadata counters
        • 2.1.3.7. View the status of Sigflow
        • 2.1.3.8. Sigflow update
        • 2.1.3.9. Sigflow Setup
      • 2.1.4. Machine Learning engine
        • 2.1.4.1. Introduction to the DGA Algorithm
          • 2.1.4.1.1. Activation
          • 2.1.4.1.2. Exception lists White List / Black List
          • 2.1.4.1.3. Displaying DGA alerts
        • 2.1.4.2. Events generated
          • 2.1.4.2.1. Example of a DGA alert in the webui
          • 2.1.4.2.2. Example of Machine Learning log
          • 2.1.4.2.3. Machine learning log data structure
            • 2.1.4.2.3.1. The header part of the Machine learning logs
            • 2.1.4.2.3.2. The source part of the Machine learning logs
            • 2.1.4.2.3.3. The fields part of the Machine learning logs
        • 2.1.4.3. Viewing the state of machine learning
        • 2.1.4.4. Machine Learning Update
        • 2.1.4.5. Machine Learning Setup
      • 2.1.5. Retroact engine
        • 2.1.5.1. Presentation
        • 2.1.5.2. Retroact analysis engine
        • 2.1.5.3. Counters associated with the Retroact engine
        • 2.1.5.4. Viewing the status of Retroact
        • 2.1.5.5. Retroact Update
        • 2.1.5.6. Retroact Setup
      • 2.1.6. CTI engine, RetroHunt engine and ActiveHunt engine
        • 2.1.6.1. Presentation
        • 2.1.6.2. CTI module
        • 2.1.6.3. Configuring the CTI engine
        • 2.1.6.4. RetroHunt engine
        • 2.1.6.5. ActiveHunt engine
        • 2.1.6.6. Events generated by the RetroHunt engine
          • 2.1.6.6.1. Example of RetroHunt alert in the webui
        • 2.1.6.7. Example of a RetroHunt event
          • 2.1.6.7.1. RetroHunt log data structure
            • 2.1.6.7.1.1. The header part of RetroHunt logs
            • 2.1.6.7.1.2. The source part of the Machine learning logs
            • 2.1.6.7.1.3. The fields part of the RetroHunt logs
        • 2.1.6.8. Viewing the CTI Status
        • 2.1.6.9. CTI Update
      • 2.1.7. Detection by GScan
    • 2.2. Management of the GCenter software
      • 2.2.1. Presentation of GUM: dedicated module for managing updates
      • 2.2.2. Upgrade
        • 2.2.2.1. Minor update case
        • 2.2.2.2. In the case of a major update
        • 2.2.2.3. Upgrade path
      • 2.2.3. Update signatures and/or engines (update)
        • 2.2.3.1. Update Manual
        • 2.2.3.2. Update automatic
          • 2.2.3.2.1. Update Online
          • 2.2.3.2.2. Update Local
      • 2.2.4. Applying a patch (Hotfix)
      • 2.2.5. GUM Setup
        • 2.2.5.1. Different modes of updates
          • 2.2.5.1.1. Update type Online
          • 2.2.5.1.2. Update type Local
      • 2.2.6. Release note
      • 2.2.7. Overview of the backup and restoration
    • 2.3. Data use
      • 2.3.1. Detection data
        • 2.3.1.1. Data export via the Syslog protocol
      • 2.3.2. Data related to detection results
      • 2.3.3. Management and system status data
        • 2.3.3.1. Viewing the system status
        • 2.3.3.2. Export system state data to remote servers
          • 2.3.3.2.1. Export data to a Netdata server
          • 2.3.3.2.2. Data retrieval by a Nagios server
        • 2.3.3.3. System management and configuration
      • 2.3.4. Data retention
      • 2.3.5. Deleting data
    • 2.4. GApps management
    • 2.5. Emergency mode
    • 2.6. Interconnection with external systems
      • 2.6.1. Introduction
      • 2.6.2. MISP Server
      • 2.6.3. Intelligence site and GBox
        • 2.6.3.1. Intelligence site
        • 2.6.3.2. Sending files to the GBox
      • 2.6.4. Syslog servers
        • 2.6.4.1. Introduction
        • 2.6.4.2. SIEM
        • 2.6.4.3. SIEM Splunk
        • 2.6.4.4. Logstash
      • 2.6.5. Netdata server
      • 2.6.6. Access for a monitoring server
    • 2.7. API
      • 2.7.1. Introduction
      • 2.7.2. Use via the swagger GUI
      • 2.7.3. Use via CURL
      • 2.7.4. Authentication and access to the API
    • 2.8. Results and analysis report
  • 3. Characteristics
    • 3.1. Mechanical characteristics of GCenter
    • 3.2. Electrical characteristics of GCenter
    • 3.3. Functional characteristics of GCenter
  • 4. Accounts
    • 4.1. List of accounts
    • 4.2. Account setup of the configuration menu
      • 4.2.1. Account of the configuration menu
      • 4.2.2. Related principles
        • 4.2.2.1. Authentication mode
        • 4.2.2.2. Password management
        • 4.2.2.3. Password management policy
        • 4.2.2.4. Anti-bruteforce system
      • 4.2.3. Functions allowed in the setup account
    • 4.3. Web interface accounts and their management
      • 4.3.1. Web Interface Accounts
      • 4.3.2. Functions allowed with the group or role `operator`
      • 4.3.3. Functions authorized with the group or role `administrator`
      • 4.3.4. Functions allowed in the admin account
      • 4.3.5. Summary tables of the menus per level
        • 4.3.5.1. Access via icon
        • 4.3.5.2. Main menu
        • 4.3.5.3. Config Menu
        • 4.3.5.4. Admin Menu
      • 4.3.6. Related principles
        • 4.3.6.1. Authentication mode
        • 4.3.6.2. Password management
        • 4.3.6.3. Password management policy
      • 4.3.7. Creating local users
      • 4.3.8. LDAP integration / Active Directory
      • 4.3.9. Audit trail
        • 4.3.9.1. Authentication history function
        • 4.3.9.2. Historical function of all creations or deletions
        • 4.3.9.3. History function for all changes in user rights
  • 5. Overview of the GCenter graphic interfaces
    • 5.1. Presentation of the configuration menu
    • 5.2. Overview of the WEB UI
      • 5.2.1. Navigation bar
      • 5.2.2. `Config` Menu
      • 5.2.3. `Admin` Menu
      • 5.2.4. Title bar
      • 5.2.5. Central screen
    • 5.3. Overview of the Kibana GUI
      • 5.3.1. Configuration of the Kibana GUI
      • 5.3.2. Native dashboards
      • 5.3.3. Data exploitation
    • 5.4. Overview of the traditional WEB UI (legacy WEB UI)
      • 5.4.1. Presentation of the legacy WEB UI
      • 5.4.2. Description of the legacy WEB UI
        • 5.4.2.1. Navigation bar of the legacy WEB UI
      • 5.4.3. Central screen of the legacy WEB UI
    • 5.5. Overview of the Netdata User Interface
    • 5.6. Presentation of graphical interfaces via the web browser
      • 5.6.1. Web UI `Home` screen
        • 5.6.1.1. `Home` screen dashboard selector
        • 5.6.1.2. `Home` screen display area
        • 5.6.1.3. `Home` screen message area
          • 5.6.1.3.1. MITRE Icons
      • 5.6.2. Web UI `Health checks` screen
        • 5.6.2.1. The `GLOBAL STATUS`
        • 5.6.2.2. The `IDS` zone
        • 5.6.2.3. The `MALWARE STATUS`
        • 5.6.2.4. The `ENGINES DATA`
        • 5.6.2.5. Engine restart
      • 5.6.3. Web UI `Top risk` screen
        • 5.6.3.1. Dashboard Selector
        • 5.6.3.2. `RISK TIMELINE` zone
        • 5.6.3.3. `ASSETS` zone
        • 5.6.3.4. `ASSETS RISK` zone
        • 5.6.3.5. `STATS` zone
        • 5.6.3.6. `USERS RISK` zone
      • 5.6.4. Web UI `Top Relations` screen
      • 5.6.5. Web UI `Overview` screen
        • 5.6.5.1. `Overview` screen : dashboard selector
        • 5.6.5.2. `Overview` screen alerts list display area
        • 5.6.5.3. `DETECTIONS BY MITRE TACTICS` zone of the `Overview` screen
          • 5.6.5.3.1. MITRE Icons
        • 5.6.5.4. `DETECTIONS BY ALERTE TACTICS` zone of the `Overview` screen
        • 5.6.5.5. `ALERTS TYPE RISK RANKING` zone of the `Overview` screen
      • 5.6.6. Web UI `Relations` screen
      • 5.6.7. Web UI `Hunting` screen
      • 5.6.8. Web UI `Assets` screen
        • 5.6.8.1. `Assets` screen dashboard selector
        • 5.6.8.2. Active equipment list display area
      • 5.6.9. Web UI `Users` screen
        • 5.6.9.1. `Users` screen dashboard selector
        • 5.6.9.2. User list display area
      • 5.6.10. Web UI `Alerts` screen
        • 5.6.10.1. `Alerts` screen dashboard selector
        • 5.6.10.2. Display area for the list of alerts in aggregate mode
        • 5.6.10.3. Display area for the list of alerts in non-aggregated mode
        • 5.6.10.4. The sub menu `ACTIONS`
          • 5.6.10.4.1. Commands for an IDS
          • 5.6.10.4.2. Commands for a malware
          • 5.6.10.4.3. Commands for a shellcode
          • 5.6.10.4.4. Commands for a powershell
          • 5.6.10.4.5. Orders for a DGA (C&C)
          • 5.6.10.4.6. Commands for an APT
        • 5.6.10.5. Alert information window
      • 5.6.11. Web UI `GScan` screen
      • 5.6.12. Web UI `Config - Metadata rate limiter` screen
      • 5.6.13. Web UI `Config - Assets/Users Association rules` screen
        • 5.6.13.1. `Asset detection network range` section of the `Assets/Users Association rules` sub menu
        • 5.6.13.2. `Static IP- Asset mapping` section of the sub menu `Assets/Users Association rules`
        • 5.6.13.3. `Ignored IP for users association` section of the sub menu `Assets/Users Association rules`
        • 5.6.13.4. `Ignored MAC for assets association` section of the sub menu `Assets/Users Association rules`
        • 5.6.13.5. `Forbidden users` section of the sub menu `Assets/Users Association rules`
        • 5.6.13.6. `Forbidden assets` section of the sub menu `Assets/Users Association rules`
      • 5.6.14. Web UI `Config - Gcaps profiles` screen
        • 5.6.14.1. `Detection Rulesets` section of the `Config Gcaps profiles` menu
        • 5.6.14.2. `Base variables` section of the `Config Gcaps profiles` menu
          • 5.6.14.2.1. `Stream analysis and file extraction` zone
            • 5.6.14.2.1.1. Description of the `Stream analysis and file extraction` zone
            • 5.6.14.2.1.2. Default configuration of the `Base variables` section
          • 5.6.14.2.2. `HTTP Proxy` zone
            • 5.6.14.2.2.1. Description of the `HTTP Proxy` zone
            • 5.6.14.2.2.2. Default configuration of the `HTTP Proxy` zone settings
          • 5.6.14.2.3. `Payload` zone
            • 5.6.14.2.3.1. Description of the `Payload` zone
            • 5.6.14.2.3.2. Default configuration of the `Payload` zone settings
          • 5.6.14.2.4. `Community ID` zone
            • 5.6.14.2.4.1. Description of the `Community ID` zone
            • 5.6.14.2.4.2. Default configuration of the `Community ID` zone settings
          • 5.6.14.2.5. `Alerting and logging` zone
            • 5.6.14.2.5.1. Description of the `Alerting and logging` zone
            • 5.6.14.2.5.2. Default settings for existing profiles available
        • 5.6.14.3. `Net variables` section of the `Config Gcaps profiles` menu
          • 5.6.14.3.1. Information on the `Net variables` section
          • 5.6.14.3.2. Description of the `Net variables` zone
          • 5.6.14.3.3. Default configuration of the `Net variables` section
        • 5.6.14.4. `Flow timeouts` section of the `Config Gcaps profiles` menu
          • 5.6.14.4.1. Description of the `Flow timeouts` section
          • 5.6.14.4.2. Default configuration of the `Flow timeouts` section
        • 5.6.14.5. `File rule management` section of the `Config Gcaps profiles` menu
          • 5.6.14.5.1. Information on the `File rule management` section
          • 5.6.14.5.2. Description of the `File rule management` section
          • 5.6.14.5.3. Rules applied depending on the GCap profile used
        • 5.6.14.6. `Packet filters` section of the `Config Gcaps profiles` menu
          • 5.6.14.6.1. Information on the `Packet filters` section
          • 5.6.14.6.2. Description of the `Packet filters` section
      • 5.6.15. Web UI `Admin-NDR configuration` screen
      • 5.6.16. `Config - sigflow/sources` screen of the legacy web UI
      • 5.6.17. `Config - sigflow/rulesets` screen of the legacy web UI
      • 5.6.18. `Config - sigflow/MISP` screen of the legacy web UI
      • 5.6.19. `Admin-GCaps pairing and status` screen of the legacy Web UI
        • 5.6.19.1. `Gcap defaut profile` zone
          • 5.6.19.1.1. Profile information
          • 5.6.19.1.2. Updating the profile
        • 5.6.19.2. `Gcap pairing and status` zone
      • 5.6.20. `Admin-Backup/Restore - Configuration` screen of the legacy web UI
        • 5.6.20.1. `FTP` choice settings
        • 5.6.20.2. `SCP` choice settings
      • 5.6.21. `Admin-Backup/Restore - Operations` screen of the legacy web UI
        • 5.6.21.1. `Backup list` section
        • 5.6.21.2. `Make a backup` section
        • 5.6.21.3. `Restore operations` section
        • 5.6.21.4. `Scheduled backup` section
      • 5.6.22. `Admin- GUM - Config` screen of the legacy web UI
        • 5.6.22.1. `General settings` section
        • 5.6.22.2. `Remote settings` setting in `Local` version
        • 5.6.22.3. `Remote settings` section in `Online` version
      • 5.6.23. `Admin-GUM- Threat DB update` screen of the legacy web UI
      • 5.6.24. `Admin-GUM- Software update` screen of the legacy web UI
      • 5.6.25. `Admin-GCenter- Monitor` screen of the legacy web UI
        • 5.6.25.1. General presentation and navigation agreement
        • 5.6.25.2. `Basic host stats` section
        • 5.6.25.3. `ELASTIC SEARCH STATS` section
        • 5.6.25.4. `GCENTER GLOBAL DB STATS` section
        • 5.6.25.5. `GWEB STATS` section
        • 5.6.25.6. `LIVE FEED SERVICE STATS` section
        • 5.6.25.7. `NETWORK STATS` section
      • 5.6.26. `Admin-GCenter- Data exports` screen of the legacy web UI
        • 5.6.26.1. Introduction
        • 5.6.26.2. Setting up the connection
        • 5.6.26.3. General settings
        • 5.6.26.4. Filtering Parameters
        • 5.6.26.5. Encryption
      • 5.6.27. `Admin-GCenter- Data Management` screen of the legacy web UI
      • 5.6.28. `Admin-GCenter- ML Management` screen of the legacy web UI
        • 5.6.28.1. `Settings` section of the `DGA Detection Management` category
        • 5.6.28.2. `White List` section of the `DGA Detection Management` category
        • 5.6.28.3. `Black List` section of the `DGA Detection Management` category
      • 5.6.29. `Admin-GCenter- Malcore Management` screen of the legacy web UI
        • 5.6.29.1. `Global settings` section of the `Malcore Management` submenu
        • 5.6.29.2. `White List` section of the `Malcore Management` submenu
        • 5.6.29.3. `Black List` section of the `Malcore Management` submenu
      • 5.6.30. `Admin-GCenter- Third-party modules` screen of the legacy web UI
        • 5.6.30.1. MISP Connection Configuration Screen
        • 5.6.30.2. Intelligence site and GBox login configuration screen
          • 5.6.30.2.1. Tab `CONFIGURATION`
          • 5.6.30.2.2. Tab `SECURITY`
      • 5.6.31. `Admin-GCenter- Diagnostics` screen of the legacy web UI
      • 5.6.32. `Admin-GCenter- Accounts` screen of the legacy web UI
        • 5.6.32.1. The `Authentications history` section of the `Accounts` submenu
        • 5.6.32.2. The `Creations/Deletions history` section of the `Accounts` submenu
        • 5.6.32.3. The `Permissions history` section of the `Accounts` submenu
        • 5.6.32.4. The `Users management` section of the `Accounts` submenu
        • 5.6.32.5. The `LDAP configuration` section of the `Accounts` submenu
          • 5.6.32.5.1. The `LDAP interconnection status` area (1)
          • 5.6.32.5.2. The `LDAP authentication settings` area (2)
          • 5.6.32.5.3. The `LDAP server binding settings` area (5)
          • 5.6.32.5.4. The `LDAP users and groups mapping` area (7)
          • 5.6.32.5.5. The `LDAP advanced settings` area (9)
        • 5.6.32.6. The `API Keys` section of the `Accounts` submenu
        • 5.6.32.7. The `Password Policy` section of the `Accounts` submenu
          • 5.6.32.7.1. General settings
          • 5.6.32.7.2. Password settings
      • 5.6.33. `Admin-GCenter-Configuration` screen of the legacy web UI
        • 5.6.33.1. `Netdata polling` section
        • 5.6.33.2. `Netdata Export` section
        • 5.6.33.3. `Global settings` section
        • 5.6.33.4. `Proxy settings` section
        • 5.6.33.5. `SSL settings` section
          • 5.6.33.5.1. `Security details` area
          • 5.6.33.5.2. `Custom Certificate` area
          • 5.6.33.5.3. `Dual authentication` area
        • 5.6.33.6. `Session age settings` section
        • 5.6.33.7. `License information` section
          • 5.6.33.7.1. `License details` area
          • 5.6.33.7.2. `License features` area
      • 5.6.34. `Admin-GCenter- CTI Configuration` screen of the legacy web UI
        • 5.6.34.1. `GENERAL` section
        • 5.6.34.2. `LICENSE` section
      • 5.6.35. `Admin-GCenter Trackwatch logs` screen of the legacy web UI
    • 5.7. Graphical API
      • 5.7.1. Overview of the API interface
        • 5.7.1.1. Detail for an endpoint
          • 5.7.1.1.1. Zone `Responses` if the `Try it out` button is not activated
            • 5.7.1.1.1.1. Sample Output Template
          • 5.7.1.1.2. Example with default values
          • 5.7.1.1.3. Zone `Responses` if the `Try it out` button is activated
      • 5.7.2. Endpoints list
  • 6. Use case of the configuration menu: setup account
    • 6.1. Direct connection to the GCenter configuration menu with keyboard and monitor
      • 6.1.1. Introduction
      • 6.1.2. Preliminary operations
      • 6.1.3. Procedure to connect the monitor and keyboard
      • 6.1.4. Procedure to find out or change the iDRAC network settings via the BIOS
    • 6.2. Direct connection to the GCenter configuration menu in HTTP via iDRAC (DELL server)
      • 6.2.1. Introduction
      • 6.2.2. Preliminary operations
      • 6.2.3. Procedure
    • 6.3. Direct connection to the GCenter configuration menu SSH via the iDRAC interface in serial port forwarding mode
      • 6.3.1. Introduction
      • 6.3.2. Preliminary operations
      • 6.3.3. Procedure on the remote PC running Linux
      • 6.3.4. Procedure on the remote PC running Windows
    • 6.4. Direct connection to the GCenter configuration menu via SSH
      • 6.4.1. Introduction
      • 6.4.2. Preliminary operations
      • 6.4.3. Procedure on the remote PC running Linux
      • 6.4.4. Procedure on the remote PC running Windows
    • 6.5. `About` command
      • 6.5.1. Introduction
      • 6.5.2. Prerequisites
      • 6.5.3. Preliminary operations
      • 6.5.4. Procedure
    • 6.6. `Tech Support` command
      • 6.6.1. Introduction
      • 6.6.2. Prerequisites
      • 6.6.3. Preliminary operations
      • 6.6.4. Procedure
    • 6.7. `Keyboard` command
      • 6.7.1. Introduction
      • 6.7.2. Prerequisites
      • 6.7.3. Preliminary operations
      • 6.7.4. Procedure
    • 6.8. `Password` command
      • 6.8.1. Introduction
      • 6.8.2. Prerequisites
      • 6.8.3. Preliminary operations
      • 6.8.4. Procedure
    • 6.9. `DateTime` command
      • 6.9.1. Introduction
      • 6.9.2. Prerequisites
      • 6.9.3. Preliminary operations
      • 6.9.4. Procedure
    • 6.10. `Network` command
      • 6.10.1. Introduction
      • 6.10.2. Prerequisites
      • 6.10.3. Preliminary operations
      • 6.10.4. Procedure
    • 6.11. `Arp Manager` command
      • 6.11.1. Introduction
      • 6.11.2. Prerequisites
      • 6.11.3. Preliminary operations
      • 6.11.4. Procedure A: Using the `Arp Manager` command
      • 6.11.5. Procedure B: Adding an ARP entry
      • 6.11.6. Procedure C: Delete an ARP entry
      • 6.11.7. Procedure D: Clearing the ARP cache
    • 6.12. `VPN MTU` command
      • 6.12.1. Introduction
      • 6.12.2. Prerequisites
      • 6.12.3. Preliminary operations
      • 6.12.4. Procedure
    • 6.13. `Diagnose` command
      • 6.13.1. Introduction
      • 6.13.2. Prerequisites
      • 6.13.3. Preliminary operations
      • 6.13.4. Procedure
    • 6.14. `Upgrade type` command
      • 6.14.1. Introduction
      • 6.14.2. Prerequisites
      • 6.14.3. Preliminary operations
      • 6.14.4. Procedure
    • 6.15. `Gcenter Services Management` command
      • 6.15.1. Introduction
      • 6.15.2. Prerequisites
      • 6.15.3. Preliminary operations
      • 6.15.4. Procedure A: Using the `Gcenter Services Management` command
      • 6.15.5. Procedure B: Restarting an application
      • 6.15.6. Procedure C: Reset a service
      • 6.15.7. Procedure D: Restarting an application
    • 6.16. `Elasticsearch storage mode` command
      • 6.16.1. Introduction
      • 6.16.2. Prerequisites
      • 6.16.3. Preliminary operations
      • 6.16.4. Procedure
    • 6.17. `LPM Mode` command
      • 6.17.1. Introduction
      • 6.17.2. Prerequisites
      • 6.17.3. Preliminary operations
      • 6.17.4. Procedure
    • 6.18. `Restart` command
      • 6.18.1. Introduction
      • 6.18.2. Prerequisites
      • 6.18.3. Preliminary operations
      • 6.18.4. Procedure
    • 6.19. `Shutdown` command
      • 6.19.1. Introduction
      • 6.19.2. Prerequisites
      • 6.19.3. Preliminary operations
      • 6.19.4. Procedure
    • 6.20. `Reset` command
      • 6.20.1. Introduction
      • 6.20.2. Prerequisites
      • 6.20.3. Preliminary operations
      • 6.20.4. Procedure
    • 6.21. `Exit` command
      • 6.21.1. Introduction
      • 6.21.2. Prerequisites
      • 6.21.3. Preliminary operations
      • 6.21.4. Procedure
  • 7. Use cases at the operator or analyst level
    • 7.1. Connection to the GCenter web interface via a web browser
      • 7.1.1. Introduction
      • 7.1.2. Prerequisites
      • 7.1.3. Preliminary operations
      • 7.1.4. Procedure
    • 7.2. Managing local users
      • 7.2.1. Changing the current account password
        • 7.2.1.1. Introduction
        • 7.2.1.2. Prerequisites
        • 7.2.1.3. Preliminary operations
        • 7.2.1.4. Procedure
      • 7.2.2. Changing some of the current user's information
        • 7.2.2.1. Introduction
        • 7.2.2.2. Prerequisites
        • 7.2.2.3. Preliminary operations
        • 7.2.2.4. Procedure
    • 7.3. Configuring the Sigflow engine
      • 7.3.1. SIGFLOW engine rule sources
        • 7.3.1.1. Introduction
        • 7.3.1.2. Prerequisites
        • 7.3.1.3. Preliminary operations
        • 7.3.1.4. Procedure to view the existing sources
        • 7.3.1.5. Procedure to add a public source
        • 7.3.1.6. Procedure to add a custom source
        • 7.3.1.7. Procedure to delete a source
        • 7.3.1.8. Procedure to edit a source
        • 7.3.1.9. Procedure to update a source
      • 7.3.2. Creating a SIGFLOW engine ruleset
        • 7.3.2.1. Introduction
        • 7.3.2.2. Prerequisites
        • 7.3.2.3. Preliminary operations
        • 7.3.2.4. Procedure to create a ruleset
        • 7.3.2.5. Procedure to display an existing ruleset
        • 7.3.2.6. Procedure to copy a ruleset
        • 7.3.2.7. Procedure to delete a ruleset
        • 7.3.2.8. Procedure to edit a ruleset
        • 7.3.2.9. Procedure to export a ruleset
        • 7.3.2.10. Procedure to update a ruleset
      • 7.3.3. Modifying SIGFLOW engine rules
        • 7.3.3.1. Introduction
          • 7.3.3.1.1. Transform rule
            • 7.3.3.1.1.1. Concept
            • 7.3.3.1.1.2. Parameters
          • 7.3.3.1.2. Threshold rule
          • 7.3.3.1.3. Suppress rule
        • 7.3.3.2. Prerequisites
        • 7.3.3.3. Preliminary operations
        • 7.3.3.4. Procedure to setup a transformation rule
        • 7.3.3.5. Procedure to disable a rule
        • 7.3.3.6. Procedure to enable a rule
        • 7.3.3.7. Procedure to setup a threshold rule
        • 7.3.3.8. Procedure to setup a suppress rule
      • 7.3.4. Generating a SIGFLOW engine ruleset
        • 7.3.4.1. Introduction
        • 7.3.4.2. Prerequisites
        • 7.3.4.3. Preliminary operations
        • 7.3.4.4. Procedure
    • 7.4. Configuring GCaps
      • 7.4.1. Configure Codebreaker then apply the Sigflow rulesets to the GCaps
        • 7.4.1.1. Introduction
        • 7.4.1.2. Prerequisites
        • 7.4.1.3. Preliminary operations
        • 7.4.1.4. Procedure to setup the `single-tenant`
        • 7.4.1.5. Procedure to setup the `Multi-tenant by interface`
        • 7.4.1.6. Procedure to setup the `Multi-tenant by vlan`
      • 7.4.2. Configure GCap Sigflow module specific parameters (Base variables)
        • 7.4.2.1. Introduction
        • 7.4.2.2. Prerequisites
        • 7.4.2.3. Preliminary operations
        • 7.4.2.4. Procedure to change the reconstruction size of files
        • 7.4.2.5. Procedure to configure the fields present in the events
        • 7.4.2.6. Procedure to configure the alerting and logging protocol
      • 7.4.3. Configure network variables used by rules (Net variables)
        • 7.4.3.1. Introduction
        • 7.4.3.2. Prerequisites
        • 7.4.3.3. Preliminary operations
        • 7.4.3.4. Procedure to setup the network variables
        • 7.4.3.5. Procedure to load a configuration
      • 7.4.4. Configure File Reconstruction Rules (File rules management)
        • 7.4.4.1. Introduction
        • 7.4.4.2. Prerequisites
        • 7.4.4.3. Preliminary operations
        • 7.4.4.4. Procedure to set up the file reconstruction
        • 7.4.4.5. Procedure to load a saved configuration
        • 7.4.4.6. Procedure to add a rebuilding rule
      • 7.4.5. Configure filters on targeted parts of the analyzed traffic (Packet filters)
        • 7.4.5.1. Introduction
        • 7.4.5.2. Prerequisites
        • 7.4.5.3. Preliminary operations
        • 7.4.5.4. Procedure to set up the filter
        • 7.4.5.5. Procedure to configure the VLAN
    • 7.5. Use of NDR dashboards
      • 7.5.1. Introduction
      • 7.5.2. Prerequisites
      • 7.5.3. Preliminary operations
      • 7.5.4. Procedure to retrieve information related to an alert
      • 7.5.5. Procedure to process the equipment
      • 7.5.6. Procedure to process the users
      • 7.5.7. Procedure to manage association rules
      • 7.5.8. Procedure to analyse the relationship between equipment and users
    • 7.6. Use of Kibana dashboards
      • 7.6.1. Introduction
      • 7.6.2. Prerequisites
      • 7.6.3. Preliminary operations
      • 7.6.4. Procedure introducing the Kibana investigation method
    • 7.7. Detection procedure by Gscan
      • 7.7.1. Introduction
      • 7.7.2. Prerequisites
      • 7.7.3. Preliminary operations
      • 7.7.4. Procedure
      • 7.7.5. Ex post facto search procedure
      • 7.7.6. Procedure to view the history
    • 7.8. Send file for external analysis to GCenter
      • 7.8.1. Introduction
      • 7.8.2. Prerequisites
      • 7.8.3. Preliminary operations
      • 7.8.4. Procedure to access the `Alerts` screen
      • 7.8.5. Procedure to send the file to the remote server
      • 7.8.6. Procedure to download the report
    • 7.9. Analysis Report Analysis Procedure
      • 7.9.1. Introduction
      • 7.9.2. Prerequisites
      • 7.9.3. Preliminary operations
      • 7.9.4. Procedure to analyse the `Error` Status
      • 7.9.5. Procedure to analyse the `Clean` status
      • 7.9.6. Procedure to analyse the `Malicious` status
    • 7.10. Configuring Metadata Rate Limiters
      • 7.10.1. Introduction
      • 7.10.2. Prerequisites
      • 7.10.3. Preliminary operations
      • 7.10.4. Procedure to view metadata
      • 7.10.5. Procedure to setup the limiter then activate
    • 7.11. Logging out of the GCenter web interface
      • 7.11.1. Introduction
      • 7.11.2. Prerequisites
      • 7.11.3. Preliminary operations
      • 7.11.4. Procedure
  • 8. Use cases of the administrator level
    • 8.1. Connecting to the GCenter web interface via a web browser
      • 8.1.1. Introduction
      • 8.1.2. Prerequisites
      • 8.1.3. Preliminary operations
      • 8.1.4. Procedure
    • 8.2. Configuring the NDR
      • 8.2.1. Introduction
        • 8.2.1.1. The `Assets and users tracking` and `Relationship tracking` functions
        • 8.2.1.2. Elasticsearch retention period
      • 8.2.2. Prerequisites
      • 8.2.3. Preliminary operations
      • 8.2.4. Procedure to access the `Data Exports` window for an administrator account
      • 8.2.5. Procedure to enable the `Assets and users tracking` and `Relationship tracking` functions
      • 8.2.6. Procedure to disable the `Assets and users tracking` and `Relationship tracking` functions
      • 8.2.7. Procedure to configure the Elasticsearch retention time
    • 8.3. Administrating a GCap
      • 8.3.1. Pairing a GCap with the GCenter
        • 8.3.1.1. Introduction
        • 8.3.1.2. Prerequisites
        • 8.3.1.3. Preliminary operations
        • 8.3.1.4. Procedure to display the IP address of the GCenter
        • 8.3.1.5. Procedure to set the GCenter IP on the GCap
        • 8.3.1.6. Procedure to access the `GCaps pairing and status` window for an administrator account
        • 8.3.1.7. Procedure to set the compatibility mode on the GCap
        • 8.3.1.8. Procedure to declare the GCap in the GCenter
        • 8.3.1.9. Procedure to pair the GCap and the GCenter
      • 8.3.2. Re-pairing a GCap
        • 8.3.2.1. Introduction
        • 8.3.2.2. Prerequisites
        • 8.3.2.3. Preliminary operations
        • 8.3.2.4. Procedure to access the `GCaps pairing and status` window for an administrator account
        • 8.3.2.5. Procedure
      • 8.3.3. Change the default profile or customise the existing profile
        • 8.3.3.1. Introduction
        • 8.3.3.2. Prerequisites
        • 8.3.3.3. Preliminary operations
        • 8.3.3.4. Procedure to access the `Data exports` window for an administrator account
        • 8.3.3.5. Procedure to change the default profile for future pairings
        • 8.3.3.6. Procedure to customise the default profile
      • 8.3.4. Delete a GCap connected to the GCenter
        • 8.3.4.1. Introduction
        • 8.3.4.2. Prerequisites
        • 8.3.4.3. Preliminary operations
        • 8.3.4.4. Procedure to access the `GCaps pairing and status` window for an administrator account
        • 8.3.4.5. Procedure to delete
    • 8.4. Managing the GCenter backup and restoration
      • 8.4.1. Backup configuration
        • 8.4.1.1. Introduction
        • 8.4.1.2. Prerequisites
        • 8.4.1.3. Preliminary operations
        • 8.4.1.4. Procedure to access the `Backup Configuration` screen
        • 8.4.1.5. Procedure to enable backup scheduling
        • 8.4.1.6. Procedure to set up the backup
      • 8.4.2. Backup
        • 8.4.2.1. Introduction
        • 8.4.2.2. Prerequisites
        • 8.4.2.3. Preliminary operations
        • 8.4.2.4. Procedure to start a manual backup
      • 8.4.3. Restoration
        • 8.4.3.1. Introduction
        • 8.4.3.2. Prerequisites
        • 8.4.3.3. Preliminary operations
        • 8.4.3.4. Procedure to access the restoration interface
        • 8.4.3.5. Procedure to follow the upgrade and hotfix paths
          • 8.4.3.5.1. Procedure to restore a backup to the same GCenter
          • 8.4.3.5.2. Procedure to restore a backup
          • 8.4.3.5.3. Procedure to restore a backup to another blank GCenter
    • 8.5. Managing the GCenter software
      • 8.5.1. Configuring automatic update via GUM
        • 8.5.1.1. Introduction
        • 8.5.1.2. Prerequisites
        • 8.5.1.3. Preliminary operations
        • 8.5.1.4. Procedure to access the `Configuration` screen
        • 8.5.1.5. Procedure to set up the Online Mode
        • 8.5.1.6. Procedure to configure the local mode
      • 8.5.2. Manual installation of an update of signatures and/or anti-viral engines (update)
        • 8.5.2.1. Introduction
        • 8.5.2.2. Prerequisites
        • 8.5.2.3. Preliminary operations
        • 8.5.2.4. Procedure to update the signature files in manual mode
      • 8.5.3. Installing a hotfix
        • 8.5.3.1. Introduction
        • 8.5.3.2. Prerequisites
        • 8.5.3.3. Preliminary operations
        • 8.5.3.4. Procedure to apply a hotfix
      • 8.5.4. Installing an upgrade
        • 8.5.4.1. Introduction
        • 8.5.4.2. Prerequisites
        • 8.5.4.3. Preliminary operations
        • 8.5.4.4. Procedure to apply a GCenter upgrade
        • 8.5.4.5. Procedure to apply a GCap upgrade
    • 8.6. Administrating the GCenter
      • 8.6.1. Export data to a SIEM via the syslog protocol
        • 8.6.1.1. Introduction
        • 8.6.1.2. Prerequisites
        • 8.6.1.3. Preliminary operations
        • 8.6.1.4. Procedure to access the `Data exports` window for an administrator account
        • 8.6.1.5. Procedure to set the export settings
        • 8.6.1.6. Procedure to activate
      • 8.6.2. Export data to a SPLUNK SIEM via the syslog protocol
        • 8.6.2.1. Introduction
        • 8.6.2.2. Prerequisites
        • 8.6.2.3. Preliminary operations
        • 8.6.2.4. Procedure to access the `Data exports` window for an administrator account
        • 8.6.2.5. Procedure to set up the general settings
        • 8.6.2.6. Procedure to set up the filtration parameters
        • 8.6.2.7. Procedure to configure encryption settings
          • 8.6.2.7.1. Procedure to be performed on the SPLUNK server
          • 8.6.2.7.2. Procedure to configure the data receipt
          • 8.6.2.7.3. Composition of the Technological Add-On (TA)
            • 8.6.2.7.3.1. File props.conf
            • 8.6.2.7.3.2. File transforms.conf
            • 8.6.2.7.3.3. File eventtype.conf
            • 8.6.2.7.3.4. File tags.conf
      • 8.6.3. Export data to an ETL Logstash via the syslog protocol
        • 8.6.3.1. Introduction
        • 8.6.3.2. Prerequisites
        • 8.6.3.3. Preliminary operations
        • 8.6.3.4. Procedure to access the `Data exports` window for an administrator account
        • 8.6.3.5. Procedure to set up the general parameters
        • 8.6.3.6. Procedure to set up the filtration parameters
        • 8.6.3.7. Procedure to configure encryption settings
        • 8.6.3.8. Procedure to be performed on the server
          • 8.6.3.8.1. Pipeline Logstash
      • 8.6.4. Quick creation of a POC Logstash
        • 8.6.4.1. Introduction
        • 8.6.4.2. Prerequisites
        • 8.6.4.3. Preliminary operations
        • 8.6.4.4. Procedure
      • 8.6.5. Configuring the connection to the MISP
        • 8.6.5.1. Introduction
        • 8.6.5.2. Prerequisites
        • 8.6.5.3. Preliminary operations
        • 8.6.5.4. Procedure to access the `MISP settings`
        • 8.6.5.5. Procedure to view the current status
        • 8.6.5.6. Procedure to configure the connection
        • 8.6.5.7. Procedure to configure the manual MISP Rule Update
        • 8.6.5.8. Procedure to configure Automatic MISP Rule Update
      • 8.6.6. Configuring the connection to the Intelligence site
        • 8.6.6.1. Introduction
        • 8.6.6.2. Prerequisites
        • 8.6.6.3. Preliminary operations
        • 8.6.6.4. Procedure to access the `Interconnection settings`
        • 8.6.6.5. Procedure to test the current setting
        • 8.6.6.6. Procedure to configure the connection
      • 8.6.7. Configuring the connection to the GBox
        • 8.6.7.1. Introduction
        • 8.6.7.2. Prerequisites
        • 8.6.7.3. Preliminary operations
        • 8.6.7.4. Procedure to access the `Interconnection settings` setting
        • 8.6.7.5. Procedure to test the current setting
        • 8.6.7.6. Procedure to configure the connection
        • 8.6.7.7. Procedure to set up the Malcore Engine
      • 8.6.8. Deleting data (log files)
        • 8.6.8.1. Introduction
        • 8.6.8.2. Prerequisites
        • 8.6.8.3. Preliminary operations
        • 8.6.8.4. Procedure to access the `Data deletion` window for an administrator account
        • 8.6.8.5. Procedure to change certain user information
      • 8.6.9. Generating and loading files for diagnosis
        • 8.6.9.1. Introduction
        • 8.6.9.2. Prerequisites
        • 8.6.9.3. Preliminary operations
        • 8.6.9.4. Procedure to access the `Diagnostics` window for an administrator account
        • 8.6.9.5. Procedure to generate and load diagnostic files
      • 8.6.10. Using an endpoint API
        • 8.6.10.1. Introduction
        • 8.6.10.2. Prerequisites
        • 8.6.10.3. Preliminary operations
        • 8.6.10.4. Procedure to access the API
        • 8.6.10.5. Procedure to run an endpoint
        • 8.6.10.6. Procedure to modify the token associated with the request
    • 8.7. Managing user accounts
      • 8.7.1. Creating local users
        • 8.7.1.1. Introduction
        • 8.7.1.2. Prerequisites
        • 8.7.1.3. Preliminary operations
        • 8.7.1.4. Procedure to access the `Users management` screen
        • 8.7.1.5. Procedure to create a new user
      • 8.7.2. Changing some of a local user's information
        • 8.7.2.1. Introduction
        • 8.7.2.2. Prerequisites
        • 8.7.2.3. Preliminary operations
        • 8.7.2.4. Procedure to access the `Users management` window for an administrator account
        • 8.7.2.5. Procedure to change certain user information
      • 8.7.3. Resetting a local user's password
        • 8.7.3.1. Introduction
        • 8.7.3.2. Prerequisites
        • 8.7.3.3. Preliminary operations
        • 8.7.3.4. Procedure to access the `Users management` window for an administrator account
        • 8.7.3.5. Procedure to reset a user's password
      • 8.7.4. Deleting a local user
        • 8.7.4.1. Introduction
        • 8.7.4.2. Prerequisites
        • 8.7.4.3. Preliminary operations
        • 8.7.4.4. Procedure to access the `Users management` window for an administrator account
        • 8.7.4.5. Procedure to delete a new user
      • 8.7.5. Displaying the connection status between the GCenter and the LDAP server
        • 8.7.5.1. Introduction
        • 8.7.5.2. Prerequisites
        • 8.7.5.3. Preliminary operations
        • 8.7.5.4. Procedure to access the `LDAP configuration` window for an administrator account
        • 8.7.5.5. Procedure to view the status
      • 8.7.6. Enable the connection between the GCenter and the LDAP server
        • 8.7.6.1. Introduction
        • 8.7.6.2. Prerequisites
        • 8.7.6.3. Preliminary operations
        • 8.7.6.4. Procedure to enable the LDAP functionality
      • 8.7.7. Configuring the connection between the GCenter and the LDAP server
        • 8.7.7.1. Introduction
        • 8.7.7.2. Prerequisites
        • 8.7.7.3. Preliminary operations
        • 8.7.7.4. Procedure to access the `LDAP configuration` window for an administrator account
        • 8.7.7.5. Procedure to change the settings for the `LDAP server binding settings` area (5)
        • 8.7.7.6. Procedure to change the settings for the `LDAP advanced settings` area (9)
      • 8.7.8. Configuring the users and groups defined on LDAP / ActiveDirectory
        • 8.7.8.1. Introduction
        • 8.7.8.2. Prerequisites
        • 8.7.8.3. Preliminary operations
        • 8.7.8.4. Procedure to access the `LDAP configuration` window for an administrator account
        • 8.7.8.5. Procedure to change the settings for the `LDAP users and groups mapping` area (7)
      • 8.7.9. Viewing the authentication history
        • 8.7.9.1. Introduction
        • 8.7.9.2. Prerequisites
        • 8.7.9.3. Preliminary operations
        • 8.7.9.4. Procedure to access the `Authentications history` window for an administrator account
        • 8.7.9.5. Procedure
      • 8.7.10. Viewing the history of user creations or deletions
        • 8.7.10.1. Introduction
        • 8.7.10.2. Prerequisites
        • 8.7.10.3. Preliminary operations
        • 8.7.10.4. Procedure to access the `Creations/Deletions history` window for an administrator account
        • 8.7.10.5. Procedure
      • 8.7.11. Viewing the history function for all changes in user rights
        • 8.7.11.1. Introduction
        • 8.7.11.2. Prerequisites
        • 8.7.11.3. Preliminary operations
        • 8.7.11.4. Procedure to access the `Permissions history` window for an administrator account
        • 8.7.11.5. Procedure
      • 8.7.12. Adding an API access token
        • 8.7.12.1. Introduction
        • 8.7.12.2. Prerequisites
        • 8.7.12.3. Preliminary operations
        • 8.7.12.4. Procedure to access the `Permissions history` window for an administrator account
        • 8.7.12.5. Procedure
      • 8.7.13. Managing the password policy
        • 8.7.13.1. Introduction
        • 8.7.13.2. Prerequisites
        • 8.7.13.3. Preliminary operations
        • 8.7.13.4. Procedure to access the `Password Policy` window for an administrator account
        • 8.7.13.5. Procedure to view or change the current settings
        • 8.7.13.6. Procedure to view or change the password policy
    • 8.8. Configuring the detection engine
      • 8.8.1. Setting up GBox and the Malcore and Retroact engines and activate the GBox
        • 8.8.1.1. Introduction
        • 8.8.1.2. Prerequisites
        • 8.8.1.3. Preliminary operations
        • 8.8.1.4. Procedure to access the `Malcore Management` window for an administrator account
        • 8.8.1.5. Procedure to enable the GBox analysis
        • 8.8.1.6. Procedure to set up the analysis timeout
        • 8.8.1.7. Procedure to set up Retroact
        • 8.8.1.8. Procedure to change the analysis limits
      • 8.8.2. Managing the white and black lists of the Malcore engine
        • 8.8.2.1. Introduction
        • 8.8.2.2. Prerequisites
        • 8.8.2.3. Preliminary operations
        • 8.8.2.4. Procedure to access the `Users management` window for an administrator account
        • 8.8.2.5. Procedure for White list management
        • 8.8.2.6. Procedure for Black list management
      • 8.8.3. Enabling and configuring the Machine Learning engine
        • 8.8.3.1. Introduction
        • 8.8.3.2. Prerequisites
        • 8.8.3.3. Preliminary operations
        • 8.8.3.4. Procedure to access the `Domain Name Generation (DGA) Detection Management` window for an administrator account
        • 8.8.3.5. Procedure to enable the engine
        • 8.8.3.6. Procedure to disable the engine
      • 8.8.4. Managing the white and black lists of the Machine Learning engine
        • 8.8.4.1. Introduction
        • 8.8.4.2. Prerequisites
        • 8.8.4.3. Preliminary operations
        • 8.8.4.4. Procedure to access the `Domain Name Generation (DGA) Detection Management` window for an administrator account
        • 8.8.4.5. Procedure to manage the White list
        • 8.8.4.6. Procedure to manage the Black list
    • 8.9. GCenter Configuration Management
      • 8.9.1. Configuring the Netdata polling interface
        • 8.9.1.1. Introduction
        • 8.9.1.2. Prerequisites
        • 8.9.1.3. Preliminary operations
        • 8.9.1.4. Procedure to access the `Netdata polling` screen of the legacy web UI
        • 8.9.1.5. Procedure to configure
      • 8.9.2. Configuring the Netdata export interface
        • 8.9.2.1. Introduction
        • 8.9.2.2. Prerequisites
        • 8.9.2.3. Preliminary operations
        • 8.9.2.4. Procedure to access the Legacy Web UI `Netdata Export Configuration` screen
        • 8.9.2.5. Procedure to set up the `GENERAL` parameters
        • 8.9.2.6. Procedure to configure the `ENCRYPTION` parameters
      • 8.9.3. Setting up a Netdata server
        • 8.9.3.1. Introduction
        • 8.9.3.2. Prerequisites
        • 8.9.3.3. Preliminary operations
        • 8.9.3.4. Procedure to install via docker
        • 8.9.3.5. Procedure to configure stream.conf and GCenter
        • 8.9.3.6. Procedure to create alerts for Netdata
      • 8.9.4. Using a Netdata server
        • 8.9.4.1. Introduction
        • 8.9.4.2. Prerequisites
        • 8.9.4.3. Procedure to install via docker
        • 8.9.4.4. Procedure to configure the stream.conf file and GCenter
        • 8.9.4.5. Procedure to configure the netdata.conf file
        • 8.9.4.6. Procedure to configure the Netdata export in the GCenter
        • 8.9.4.7. Procedure to create alerts for Netdata
      • 8.9.5. GCenter Global Configuration
        • 8.9.5.1. Introduction
        • 8.9.5.2. Prerequisites
        • 8.9.5.3. Preliminary operations
        • 8.9.5.4. Procedure to access the legacy web UI `Global settings` screen
        • 8.9.5.5. Procedure
      • 8.9.6. Proxy Settings Configuration
        • 8.9.6.1. Introduction
        • 8.9.6.2. Prerequisites
        • 8.9.6.3. Preliminary operations
        • 8.9.6.4. Procedure to access the `Proxy settings` screen of the legacy web UI
        • 8.9.6.5. Procedure to enter parameters
      • 8.9.7. SSL Settings Configuration
        • 8.9.7.1. Introduction
        • 8.9.7.2. Prerequisites
        • 8.9.7.3. Preliminary operations
        • 8.9.7.4. Procedure to access the `SSL settings` screen of the legacy web UI
        • 8.9.7.5. Procedure to display the `Security details` zone parameters
        • 8.9.7.6. Procedure to enter the `Custom Certificate` zone parameters
        • 8.9.7.7. Procedure to enter the `Dual authentication` zone parameters
      • 8.9.8. Configuring Session Age Settings
        • 8.9.8.1. Introduction
        • 8.9.8.2. Prerequisites
        • 8.9.8.3. Preliminary operations
        • 8.9.8.4. Procedure to access the legacy web UI `Session age settings` screen
        • 8.9.8.5. Procedure to enter session age parameters
      • 8.9.9. Licence amendment
        • 8.9.9.1. Introduction
        • 8.9.9.2. Prerequisites
        • 8.9.9.3. Preliminary operations
        • 8.9.9.4. Procedure to access the legacy web UI `License information` screen
        • 8.9.9.5. Procedure to enter a new licence
    • 8.10. Logging out of the GCenter web interface
      • 8.10.1. Introduction
      • 8.10.2. Prerequisites
      • 8.10.3. Preliminary operations
      • 8.10.4. Procedure
  • 9. Appendices
    • 9.1. Military Programming Law (MPL)
      • 9.1.1. Regulatory reminders
      • 9.1.2. Goal Reminders
      • 9.1.3. Reminders of requirements
      • 9.1.4. MPL applied to GCenter
        • 9.1.4.1. Automatic actions
          • 9.1.4.1.1. USB Port
        • 9.1.4.2. Manual actions
          • 9.1.4.2.1. No connection between GCenter and AD LDAP
          • 9.1.4.2.2. Deactivation of remote control console interface
          • 9.1.4.2.3. Network interface separation
          • 9.1.4.2.4. Update in "Offline" mode
            • 9.1.4.2.4.1. Certificate integration
      • 9.1.5. Groups
        • 9.1.5.1. Mission of a member of the operator group
        • 9.1.5.2. Mission of a member of the administrator group
  • 10. Glossary
  • Index

5. Overview of the GCenter graphic interfaces

  • 5.1. Presentation of the configuration menu
  • 5.2. Overview of the WEB UI
  • 5.3. Overview of the Kibana GUI
  • 5.4. Overview of the traditional WEB UI (legacy WEB UI)
  • 5.5. Overview of the Netdata User Interface
  • 5.6. Presentation of graphical interfaces via the web browser
  • 5.7. Graphical API

© Copyright 2024, Gatewatcher.