8.8.4. Managing the white and black lists of the Machine Learning engine
8.8.4.1. Introduction
Exception lists can be set up in order to:
Force the engine to declare domain names as healthy (White List).This enables eliminating alerts related to recurring false positives.Raise an alert for a domain that would not otherwise have been detected (false negative) using a blacklist.
This procedure shows how to populate both lists.
Note
The graphical interface is described in `Admin-GCenter- ML Management` screen of the legacy web UI.
8.8.4.2. Prerequisites
User : member of Administrator group
8.8.4.3. Preliminary operations
Login to GCenter via a browser (see Connecting to the GCenter web interface via a web browser). with the prerequisite rights.
8.8.4.4. Procedure to access to the `Domain Name Generation (DGA) Detection Management`
window for an administrator account
In the navigation bar, successively click on:
The
`Admin`
buttonThe
`Gcenter`
sub-menu The`ML Management`
commandThe`Machine Learning Management`
window is shown.
- Click on the
`Machine Learning Management`
heading.The`Machine Learning Management`
window is displayed. It contains a single`DGA Detection Management`
category. - Click on the
`DGA Detection Management`
button.The`Domain Name Generation (DGA) Detection Management`
is displayed.
8.8.4.5. Procedure to manage the White list
Click on the
`White List`
section.
To add an item to the list :
Press the`Add a single domain name`
button (1).The`Add to White List`
window is displayed.Enter the domain name.
Enter a comment, if any, for further details.
Click on the`Save`
button.If successful, the following message is displayed:`The domain name xxx was successfully added to white list`
.In case of an error, the following message is displayed.For example,`The domain name was not added to white list. xxx already exists in the white list`
To add a set of items to the list:
Press the`Add a set of domain names`
button (5).The`Add to White List`
window is displayed.Use the
`Browse`
button to select the csv file.If necessary, delete the previous list by ticking the
`Clean previous list`
box.Click on the
`Save`
button.Enter any comments.
Click on the`Save`
button.A status message indicates the result of the import.For example:`The line number 1 is invalid in the csv file. Please contact the Gatewatcher support if you need help.`
. Here the message indicates that the loaded format is not the expected one.
8.8.4.6. Procedure to manage the Black list
Click on the
`Black List`
section.
To add an item to the list:
Press the`Add a single domain name`
button (1).The`Add to Black List`
window is displayed.Enter the domain name.
Enter a comment, if any, for further details.
Click on the`Save`
button.If successful, the following message is displayed:`The domain name xxx was successfully added to white list`
.In case of an error, the following message is displayed.For example:`The domain name was not added to white list. xxx already exists in the white list`
To add a set of items to the list:
Press the`Add a set of domain names`
button (5).The`Add to Black List`
window is displayed.Use the
`Browse`
button to select the csv file.If necessary, delete the previous list by ticking the
`Clean previous list`
box.Click on the
`Save`
button.Enter any comments.
Click on the`Save`
button.A status message indicates the result of the import.For example:`The domain name was not added to black list. xxx already exists in black list`