7.9. Configuring Metadata Rate Limiters

7.9.1. Introduction

In addition to alerts, GCaps generate metadata events on analyzed network flows.
This information can be useful in investigations, but in some contexts its volume can quickly exceed the indexing capabilities of the GCenter.
To reduce the amount of metadata while keeping most of the information on exchanges, it is possible to enable the limiters defined below.


7.9.3. Prerequisites

  • User: member of the Operator group


7.9.4. Preliminary operations


7.9.5. Procedure to view metadata

  • In the navigation bar, click on the `Hunting` button (5).

    The `Hunting` window is displayed.

    This GUI is described in Main tabs.

  • Use the Kibana tool (`Hunting` > `Metadata` command) to understand which kinds of metadata should be optimized first.


7.9.6. Procedure to set up the limiter then activate it

  • In the navigation bar, click successively on:

      • The `Detection Strategy` menu

      • The `Metadata rate limiter` command of the `Detection Strategy` category

    The `Metadata rate limiter` screen is displayed.

  • If necessary, for the first selected protocol (`DNS`, `HTTP`, `TLS`, `SMB`):

      • Select the filtration level (field `Aggressivity level`)

      • Activate with the selector `Enabled - Disabled`

      • Proceed to the next protocol

  • Validate with the `Save changes` button (9).