9.1. Military Programming Law (MPL)
9.1.1. Regulatory reminders
Some reminders of the main principles of the French Military Programming Law (MPL):
French Military Programming Law (Act no. 2013-1168 of 18 December 2013)
Article 22: implementation supervised by the ANSSI for the OIVs
Impose security measures
Impose controls on the most critical information systems
Make it compulsory to report incidents observed by OIVs on their information systems
Article L.1332-6-1 of the Defense Code amended by Act no. 2015-917 of 28 July 2015 - Art. 27
Establish organizational and technical measures
Define procedures for identifying and reporting security incidents affecting vital information systems (SIIV)
9.1.2. Goal Reminders
The objectives are:
To protect national critical infrastructures against cyber attacks
To reduce exposure to risks
To optimise the quality of services provided by organisations
9.1.3. Reminders of requirements
The following requirements for OIVs and security incident detection service providers (PDIS) must be taken into account on the equipment:
Implement an information systems security policy
Carry out a security certification
Communicate to the ANSSI the elements on the IVIS set up by the operator
Observe and react to security alerts
Limit access
Partition the networks
Select the qualified technologies

9.1.4. MPL applied to the GCenter
Note
Whatever the mode, the AIONIQ solution integrates GRSECURITY improvements, including PaX, thus reducing the attack surface, including at the kernel level.
AD/LDAP: manual action required
USB port: automatic action
Update in "Offline" mode: manual action required
Interface separation: manual action required
Certificate integration: manual action required
iDRAC disabled: manual action required
The groups: manual action required
9.1.4.1. Automatic actions
9.1.4.1.1. USB Port
Note
This limits access to the device's TTY.
9.1.4.2. Manual actions
The following list of actions should only be performed by an administrator of the AIONIQ solution.
9.1.4.2.1. No connection between GCenter and an LDAP
In the `LDAP authentication settings` (2) area, use the `Enable` selector (2) to deactivate the function.
- Click on the `Save changes` button. This change will cause the application to restart, resulting in a disconnection from the user page. Once the administrator clicks the `Confirm` button, it will be necessary to reconnect to the interface.
9.1.4.2.2. Deactivation of remote control console interface
9.1.4.2.3. Network interface separation
9.1.4.2.4. Update in "Offline" mode
Either from the GCenter web interface (see section Local update). This is a manual update.
Or via a location on the network, disconnected from the internet (see section Manual Update). This corresponds to a Local update.
9.1.4.2.4.1. Certificate integration
9.1.5. Groups
In order to respect the separation of roles on the GCenter, default groups are already created to facilitate user management:
The operators group
The administrators group
9.1.5.1. Mission of a member of the operator group
A member of the operator group has the following missions:
Viewing summary dashboards via the WebUI interface showing information about the monitored system
Main dashboard (Home) giving a summary view of alarms classified by risk level
Dashboard displaying the network map, which shows the relationships between the elements present on the network
Dashboards displaying alarms classified by criteria (Users, Assets, Alerts) or by type of risk (Overview)
Viewing detailed dashboards via the Kibana interface showing the data present in the detection event dashboards
Own account management
Changing the current account's password
Modifying certain information of the current user
Sigflow engine configuration
Management of SIGFLOW engine rule sources
Creation of a ruleset of the SIGFLOW engine
Modification of SIGFLOW engine rules
Generation of SIGFLOW engine rulesets
GCap configuration from the GCenter with GCaps Profiles
Detection ruleset
Base variables
Net variables
File rule management
Packet filters
9.1.5.2. Mission of a member of the administrator group
A member of the administrator group is responsible for:
NDR configuration, for example:
Alerts displayed in the Alerts dashboard
The equipment displayed in the Assets dashboard
Users displayed in the Users dashboard
Administrating a GCap, for example:
Pairing a GCap with the GCenter
Re-pairing a GCap
Managing the GCenter backup and restoration, for example:
Setting the backup
Operating the backup
Operating the restoration
Managing the GCenter software, for example:
Configuring automatic update of signatures and/or anti-viral engines
Installing an update manually
Installing a hotfix
Installing an upgrade
Administrating the GCenter
Configuring data export to a SIEM via the syslog protocol
Configuring data export to the ETL Logstash via the syslog protocol
Creating a POC Logstash
Configuring the connection to the MISP
Deleting data (log files)
Generating and loading files for diagnosis
Using an endpoint API
Managing the license
Configuring the GCenter
Managing user accounts
Creating local users
Changing some of a local user's information
Resetting a local user's password
Deleting a local user
Displaying the connection status between the GCenter and the LDAP server
Enabling the connection between the GCenter and the LDAP server
Configuring the connection between the GCenter and the LDAP server
Configuring the users and groups defined on LDAP / ActiveDirectory
Viewing the authentication history
Configuring the authentication history
Managing an API access token
Managing the password policy
Configuring the detection engine
Setting up the Malcore engine
Managing the Ignore list of the Malcore engine
Setting up the Malcore retroanalyzer engine
Setting up the Yara engine
Setting up the DGA detect engine
Managing the Ignore list of the DGA detect engine
Setting up the Malicious Powershell detect engine
Setting up the Shellcode detect engine
Setting up the Active CTI engine
Setting up the retro hunt engine
Setting up the Ransomware detect engine
Managing the Ignore list of the Ransomware detect engine
Setting up the Beacon detect engine
Managing the Ignore list of the Beacon detect engine
Managing the current user
Changing the current account's password
Changing some of the current user's information
Monitoring with Netdata
Configuring the Netdata polling interface
Configuring the Netdata export interface
Setting up a Netdata server
Using a Netdata server