5.6.16. `Config - sigflow/sources` screen of the legacy web UI

This screen is only accessible to members of the operator group.

Note

For administrator group members, the following message is displayed: `Error 403: Insufficient permissions.`

After selecting the `Sources` command from the `Config/Sigflow` sub-menu, the following screen is displayed.
This screen enables:
  • Defining the sources of signatures for the detection engine
  • Managing the existing sources
  • Managing the rule set files made available by the sources
  • Managing the categories and rules of these files

[Screenshot: SOURCES-01.PNG]

The `Sources` screen contains the following sections:

| Item | Name | Description |
|------|------|-------------|
| 1 | `Defined sources` | Indicates the list of existing sources |
| 2 | `List of feeds` | List of streams |
| 3 | `Action` | Area of possible actions. The possible actions listed below depend on the context. |
| 4 | `Add public source` | The button enables adding public sources |
| 5 | `Add custom source` | The button enables adding custom sources |
| 6 | `3 Sources` | Indicates the number of sources defined |
| 7 | Description of a source | Defined source. This includes the following types of information: the source name (CTI, ETPRO, LastInfoSec...); the date and time of the last update; the number of categories and signatures. You can add a MISP source. To do this, refer to the procedure in Configuring the connection to the MISP |
| 8 | Search field | Enables a search |
| 9 | `View` button | Displays the `Sources: view` screen (see below) |
| 10 | Context menu | Displays the management sub-menu for this source for access to the `Edit source` and `Delete source` commands |

Note

You can have two LastinfoSec entries:

  • An entry named `LastinfoSec(Experimental)`: this entry only exists if the GCenter was in version V101 and migrated to V102.
    This entry must be deleted. To do this, refer to Procedure to delete a source.
  • An entry named `LastinfoSec`: this entry is created in V102.
    This entry must be kept and used.

After pressing the `View` button (9), the `Sources: view` screen contains the following sections:

[Screenshot: SOURCES-02.PNG]

| Item | Name | Description |
|------|------|-------------|
| 1 | Source field | Indicates the selected source (here CTI). It includes the following fields: |
| 10 | Source creation field | The date and time the source was created |
| 9 | Update field | The date and time of the last update |
| 2 | `Action` | Area of possible actions. The possible actions listed below depend on the context. |
| 8 | `Changelog` | Button to display the history of the current source |
| 7 | `Update` | Button to update the current source |
| 6 | `Edit` | Button to edit the current source |
| 5 | `Delete` | Button to delete the current source |
| 3 | `Categories` | List of categories. This includes three types of information: the category name; the category description; the creation date of the category |
| 4 | Search field | Enables searching for text in the categories, including the description field of the rules |

Note

Each source is made up of categories.
Each of these categories can be edited.
Each category is composed of rules. Clicking on a category will display the list of rules.
Each of these rules can be edited.

See the SIGFLOW engine rule sources procedure for:
  • Visualization and management of sources
  • Visualization and management of rule files