8.9.5. GCenter Global Configuration

8.9.5.1. Introduction

This procedure describes the overall configuration of GCenter.

Note

The GUI is described in `Global settings` section.

---

8.9.5.2. Prerequisites

• User : member of Administrator group

---

8.9.5.3. Preliminary operations

• Login to GCenter via a browser (see Connecting to the GCenter web interface via a web browser). with the prerequisite rights.

---

8.9.5.4. Procedure to access the legacy web UI `Global settings` screen

• In the navigation bar, click successively on:

  • The `Admin` button,

  • The `Gcenter` sub menu

  • The `Configuration` command

    The `Configuration` window is displayed.
    

• Click the `Global settings` button (3).

---

8.9.5.5. Procedure

The following screen is displayed:

• Enter the company name in field (1) `Company`.

  This field allows you to add the company name on the detection analysis reports.

  These reports can be downloaded after making an association between the GCenter and the Intelligence platform.

  The default is: empty.
• Enter the password that protects the archive when downloading malware in field (2) `Password for zipped malware files`.

  The default is: empty.

  This password protects the archive when downloading malware and decompresses it to avoid an unfortunate click.

  This password is the same for downloading shellcodes.

  This feature is described in more detail in the Malcore parts.
• Enter the number of days the data is stored in field (3) `Data retention (in days)`.

  The default is: 15.

  Note

  The configuration is done in two steps:

  • First on GCenter at this field

  • The second at the GCap detection probe in the configuration settings

• Enter the maximum disk space allocated to store logs in field (4) `Elasticsearch max data retention (in GB)`.

  Attention

  Larger size implies higher latencies and reduced performance and stability.

• Enable the selector (5) `Enable GScan` to allow real-time local analysis of suspicious malware or executables.

  The default is: enabled.

  Note

  As part of the Military Programming Law, the GScan feature is disabled by default in this management interface.

• Enable selector (6) `Enable Privacy SMTP` to enforce privacy rights by hiding the email.subject field of SMTP alerts in GATEWATCHER dashboards for private emails.

  The default is: off.

  An email is considered private if its subject begins with the words private, private or private (not case sensitive).

• Select the network interface through which the GCenter is listening on the ports defined below in field (8) `Input interfaces`.

• Select the listening port (linked to http protocol) in field (9) `HTTP listening port`.

  The default is: 80
• Select the network interface (for all http streams) in field (10) `Outbound HTTP interface`.
• Enter the SSH banner (presented during pre-authentication on all paired GCaps and GCenter) in field (11) `SSH banner`.

  The default is: empty
• Select the listening port (linked to the https protocol) in the `HTTPs listening port`.

  The default is: 80

• Press the `Save` button (13) to save current settings and update the GCenter.

Important

If the equipment GCenter and GCap is in an environment that is part of the LPM framework (Military Programming Law) the GSCAN service is automatically disabled and cannot be activated.

For more information, refer to the LPM section of this document.

---