2.2.3. Update presentation
- beacon.gwp package: this package contains the beacon update
- cti.gwp package: this package contains the update of the database of Indicators Of Compromise
- dga.gwp package: this package contains the update to the DGA detect engine
- sigflow.gwp package: this package contains the sigflow engine update and the rules base updates
- malcore directory: this directory contains the updates of the Malcore engines and their antivirus databases
- full package (full.gwp): this package is the sum of the previous packages
Note
The malcore directory contains:
- One package for each antivirus engine, named after the hash of the engine to which it relates (the same hash that is presented in the malcore healthcheck)
- A package of utilities named "common_utilities.gwp"
These packages can be installed as follows:
2.2.3.1. Manual Update
2.2.3.2. Automatic update
Automatic updates can be carried out in different ways according to the needs of the information system:
- Online update: packages are downloaded directly from GATEWATCHER websites
- Local update: packages are downloaded from a local repository
2.2.3.2.1. Online update
2.2.3.2.2. Local update
Prerequisites: a listening web server on port 80
- Create the following tree structure: "2.5.3.10X/GCenter" according to the GCenter version (2.5.3.103). In the following configuration example, this tree should be created at the root of the server.
- Retrieve the gwp files for the 2.5.3.103 (beacon.gwp, cti.gwp, dga.gwp, all packages of the malcore folder, sigflow.gwp) on https://update.gatewatcher.com/update/
- In "2.5.3.10X/GCenter", put the previously recovered gwp files
- In "2.5.3.10X/GCenter", put the .sha256 files corresponding to the files above
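Before pointing the GCenter at the local repository, it is worth confirming that every gwp file has its .sha256 file and that the two agree. The script below is an added example, not part of the vendor documentation; it assumes that the checksum for `pkg.gwp` is stored as `pkg.gwp.sha256` or `pkg.sha256` and that the first field of that file is the hex digest.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: the checksum for pkg.gwp is in
# pkg.gwp.sha256 or pkg.sha256, and its first field is the hex SHA-256 digest.

verify_repo() {
    repo=$1                      # e.g. <web root>/2.5.3.10X/GCenter
    total=0
    bad=0
    list=$(mktemp)
    # Walk the whole tree so the malcore packages are covered too.
    find "$repo" -type f -name '*.gwp' | sort > "$list"
    while IFS= read -r pkg; do
        total=$((total + 1))
        sum="$pkg.sha256"
        [ -f "$sum" ] || sum="${pkg%.gwp}.sha256"
        if [ ! -f "$sum" ]; then
            echo "MISSING  $pkg (no .sha256 file)"
            bad=$((bad + 1))
            continue
        fi
        # Tolerate CRLF line endings and upper-case hex in the checksum file.
        expected=$(tr -d '\r' < "$sum" | awk 'NR==1 {print tolower($1)}')
        actual=$(sha256sum "$pkg" | awk '{print $1}')
        if [ "$expected" = "$actual" ]; then
            echo "OK       $pkg"
        else
            echo "MISMATCH $pkg"
            bad=$((bad + 1))
        fi
    done < "$list"
    rm -f "$list"
    if [ "$total" -eq 0 ]; then
        echo "EMPTY    no .gwp files under $repo"
        return 1
    fi
    echo "$total package(s) checked, $bad problem(s)"
    [ "$bad" -eq 0 ]
}

# Run against a directory when one is given on the command line.
if [ "$#" -gt 0 ]; then
    verify_repo "$1"
fi
```

The function returns non-zero on a missing checksum file, a digest mismatch, or an empty tree, so it can gate a synchronisation job on the web server.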
Note
In case of limited bandwidth, the exact list of required packages, consistent with the license, is available in the threat-DB update configuration via the `show requirements` button.