7.10. Configuring Metadata Rate Limiters

7.10.1. Introduction

In addition to alerts, GCaps generate metadata events on analyzed network flows.
This information can be useful in investigations, but in some contexts its volume can quickly exceed the indexing capabilities of the GCenter.
To reduce the amount of metadata while keeping most of the information about the exchanges, it is possible to enable the limiters defined below.

See the `Config - Metadata rate limiter` screen of the Web UI.


7.10.2. Prerequisites

  • User: member of the Operator group


7.10.3. Preliminary operations


7.10.4. Procedure to view metadata

  • In the navigation bar, click on the `Hunting` button.

[Screenshot: elastic-01.png]

This GUI is described in Native dashboards.

  • Use the Kibana tool (`Hunting` > `Metadata` command) to identify which kind of metadata should be optimized first.


7.10.5. Procedure to set up the limiter, then activate it

  • In the navigation bar, click successively on:
      • `Config`
      • The `Metadata rate limiter` button
    The following screen is displayed.
    [Screenshot: METADATA-01.PNG]

  • If necessary, for the first selected protocol (`DNS` (1), `HTTPS` (2), `HTTP` (3), `SMB` (4)):
      • Select the filtering level (field `Aggressivity level`, items (10) to (13))
      • Activate the limiter with the `Enabled - Disabled` selector, items (5) to (8)
      • Proceed to the next protocol

  • Validate with the `APPLY` button (9).