5.6.23. `Admin-GUM- Threat DB update` screen of the legacy web UI

After selecting the `Threat DB update` command from the `Admin-GUM` menu, the following screen is displayed.

For rule packages downloaded in a scheduled manner

For manually downloaded rule packages

The packages that can be downloaded via this interface are:

- malcore package: this package contains only engine and antivirus database updates used by Malcore
- dga package: this package contains updates to the gdgadetect engine
- cti package: this package contains CTI engine updates
- sigflow package: this package contains only Sigflow engine and rule base updates
- full package (full): this package is the sum of the previous packages

Note
The cti.gwp package is updated hourly on update.gatewatcher.com. The other packages (dga.gwp, malcore.gwp, sigflow.gwp) are updated every day. It is not possible to download the full.gwp file in automatic mode.

The `Threat DB update` screen contains the following items:

| Item | Name | Function |
|---|---|---|
| 1 | | Triggers the installation of the update package |
| 2 | | Enables selecting an update package |
| 3 | | DGA engine update progress bar / Last update status |
| 4 | | CTI update progress bar / Last update status |
| 5 | | Malcore engine update progress bar / Last update status |
| 6 | | Progress bar for the loading of the Sigflow engine rule files / Status of the last update |
| 7 | | Progress bar of the extraction of rules files from the Sigflow engine |
| 8 | | Progress bar of the integrity check of a loaded package |
| 9 | | Update progress bar: this covers all the steps detailed in the other fields |

In the event of a scheduled update of a package file containing all the rules of a single engine or all the engines:

- The progress bar in the `Scheduled GUM threat DB update progression` field starts advancing.
- The progress bar in the `Reading the gwp file` field starts to advance. This means that the file has been downloaded and the system is checking its integrity.
- The progress bars of the `Loading sigflow` and `Extracting sigflow` fields begin their respective progressions. This corresponds to the processing of rule files in the Sigflow engine.
- The progress bar in the `Updating malcore` field begins to progress. This corresponds to the processing of the Malcore engine rule files.
- The progress bar for the `Upgrading LIS` field begins to progress. This corresponds to the processing of the CTI engine rule files.
- The progress bar in the `Updating DGA` field begins to move. This corresponds to the processing of the DGA engine rule files.
- Once the various steps are complete, the progress bar in the `Scheduled GUM threat DB update progression` field finishes its progression and indicates the final processing status.

To use a package file from the remote PC, use the `Parcourir` button (2).

Important