5.6.19. `Admin-GCaps pairing and status` screen of the legacy Web UI
`GCaps pairing/status` command from the `Admin` menu, the screen consists of two different areas:
5.6.19.1. `Gcap defaut profile` zone
This screen enables configuring the GCap using predefined profiles.
Item | Name | Function |
---|---|---|
1 | | List of available profiles. The selected choice is that which is visible. |
2 | | Loads the selected profile. List of rule sets |
5.6.19.1.1. Profile information
The profiles offered are:
Profile | Function |
---|---|
Minimal | This is the minimalist configuration; less data will be scanned. Very few alerts are generated. |
Balanced | The recommended configuration, just enough data will be probed. Very few alerts are missed. |
LPM | MPL Optimized Configuration. A few more alerts can be managed. |
Paranoid | Paranoid configuration: all events are enabled. Many alerts can be generated. |
Intuitio | Configuration optimized for NDR. Please use it only for NDRs. |
These profiles define separate configurations for the following topics:
- Alerting and logging configuration of the protocols used by the GCap. To view the detailed settings for each of these profiles, please refer to Default settings for existing profiles available.
- Configuration of the management of the file extraction rules used by the GCap. To view the detailed settings for each of these profiles, please refer to Description of the `File rule management` section.
5.6.19.1.2. Updating the profile
The `Update` button enables the default profile to be updated and deployed to GCaps.
- When it is paired with the GCenter. It is important to select the correct profile so that the GCap takes on the correct profile.
- This is done by pressing the `Reset to default configuration` button. Please note that all existing manual configurations are then replaced by the default profile configurations.
Note
Updating the default profile does not change the configurations of the GCaps already paired to the GCenter.
Note
The update only concerns the choice of the default profile. Profiles are not editable.
5.6.19.2. `Gcap pairing and status` zone
This screen enables adding, managing, and pairing the GCaps with the GCenter.
Item | Name | Function |
---|---|---|
15 | GCenter information area: this includes | |
1 | | Display of the FQDN of the GCenter |
2 | | Displays the fingerprint of the GCenter useful during the pairing procedure |
14 | | |
3 | | Enter the FQDN of the GCap to be paired |
4 | | Starts the GCap pairing |
13 | Paired GCap List Area: this includes | |
5 | The information of each paired GCap; This information consists of: | There are as many lines as there are GCaps paired |
6 | | Deletes the GCap |
7 | | Re-pairs the selected GCap. The existing data is not lost. |
8 | | Indicates the GCap version |
9 | | Indicates the date and time of the last update of the ruleset |
10 | | Indicates the status of the VPN connection between the GCenter and the GCap |
11 | | Displays detailed information on System stats, Network stats, Sigflow stats, and Protocol flows |
12 | | Indicates the FQDN of the selected GCap |
Note
During a deletion, the GCap continues to send its events until the VPN tunnel is taken down (timeout of the connection between the GCap and the GCenter).