7.4.4. Configure File Reconstruction Rules (File rules management)
7.4.4.1. Introduction
`File rule management`
section enables configuring the file reconstruction rules used by the GCap detection engine.See section: Web UI `Config - Gcaps profiles` screen.
For |
go to the |
---|---|
Setting up the file reconstruction |
|
Loading a saved configuration |
|
Adding a reconstruction rule |
7.4.4.2. Prerequisites
User : member of Operator group
7.4.4.3. Preliminary operations
Login to GCenter via a browser (see Connection to the GCenter web interface via a web browser)
7.4.4.4. Procedure to set up the file reconstruction
From the navigation bar, click successively on :
Click on the
`File rule management`
button (6).
For each rule, validate that the
`protocol`
(3),`type`
(4),`value`
(5) fields match the desired values.Enable or disable the desired rules using the enable button in the
`Enable`
(8) field.Completely remove the unnecessary rules.
If necessary, insert rules using the
`ADD FILE RULE`
button (see Procedure to add a rebuilding rule).Click on the
`Apply`
button (11).
7.4.4.5. Procedure to load a saved configuration
Note
This procedure can be used to load the configuration from one GCap to another or to save the configuration.
From the navigation bar, click successively on :
Click on the
`File rule management`
button (6).
On the first GCap:
Perform the previous procedure to configure the file rebuilding rules
Click on the
`DOWNLOAD TEMPLATE`
(9) button and save the configuration file
On the second GCap:
Click on the
`LOAD CONFIG`
(7) button and select the configuration fileOnce loaded, the configuration of the first GCap is loaded on the second
Click on the
`Apply`
button (11).
Or
Retrieve a previously saved template.
Click on the
`LOAD CONFIG`
(7) button and select the configuration file.Click on the
`Apply`
button (11).
7.4.4.6. Procedure to add a rebuilding rule
From the navigation bar, click successively on :
Click on the
`File rule management`
button (6).
Click on the
`ADD FILE RULE`
button (6).In the popup that appears:
Enable or disable the rule
Specify the protocol on which the rule will be applied
Choose the type of reconstruction - by extension or by filemagic
Enter the value corresponding to the type chosen above
Click on the
`Add`
button
Click on the
`Apply`
button.