2. New features

2.1. ELK update

The ELK suite was updated to version 7, bringing optimisations to these services as well as improved stability.

2.2. KIBANA table update

The KIBANA tables now include the new protocols supported by a GCap version 2.5.3.103 or higher.

The navigation menu was redesigned and now uses a DARK theme by default.

Kibana Maps functionality was integrated.

2.3. Malcore update

Malcore was upgraded to version 4, enabling improved stability.

2.4. SSH pre-authentication banner

An SSH pre-authentication banner is configurable for all paired GCaps and the GCenter from the GCenter WebUI.

GCaps that pair with the GCenter will automatically benefit from this banner, if it was configured beforehand.

2.5. Support for detection rules per monitoring interface and per VLAN (multi-tenancy)

Configured detection rule sets can be applied to monitoring interfaces (up to 8) or specific VLANs. It is done from the GCenter web interface.

2.6. Log export

It is now possible to configure two syslog servers to export event logs.

The chart was completely revised to make it smooth and dynamic.

The export supports RFC 3164 or RFC 5424. Advanced filters enable targeting of:

  • The various protocols supported by the paired detection probes.

  • IPV4 or IPV6.

  • The list of GCaps paired with GCenter.

The TLS protocol integration enables secure exchanges between GCenter and the syslog server. A certificate is required to activate it.
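When validating a new export configuration it is useful to check, on the receiving side, which of the two formats actually arrives and whether the filter fields are carried as expected. The following parser is an added example and is not Gatewatcher's code: it classifies each received line as RFC 3164 or RFC 5424, decodes PRI into facility and severity, and extracts RFC 5424 structured data. The sample lines, the SD-ID `event@12345` and the parameter names `gcap`, `protocol` and `ip_version` are constructed for the example; the real field layout of the GCenter export is not described on this page.

```python
"""Added example: classify and parse syslog lines as RFC 3164 or RFC 5424.

The sample lines are constructed; GCenter's actual export layout is not
described in the release notes this example accompanies.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

FACILITIES = [
    "kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
    "uucp", "cron", "authpriv", "ftp", "ntp", "security", "console",
    "solaris-cron", "local0", "local1", "local2", "local3", "local4",
    "local5", "local6", "local7",
]
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 5424: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA [MSG]
RFC5424_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<version>[1-9]\d?) (?P<ts>\S+) (?P<host>\S+) '
    r'(?P<app>\S+) (?P<procid>\S+) (?P<msgid>\S+) '
    r'(?P<sd>-|(?:\[(?:[^\]\\]|\\.)*\])+)(?: (?P<msg>.*))?$', re.DOTALL)
# RFC 3164 (BSD): <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
RFC3164_RE = re.compile(
    r'^<(?P<pri>\d{1,3})>(?P<ts>[A-Z][a-z]{2} [ 0-3]\d \d{2}:\d{2}:\d{2}) '
    r'(?P<host>\S+) (?P<rest>.*)$', re.DOTALL)
TAG_RE = re.compile(r'^(?P<tag>[A-Za-z0-9_./-]+)(?:\[(?P<pid>\d+)\])?: ?(?P<msg>.*)$', re.DOTALL)
SD_ELEMENT_RE = re.compile(r'\[(?P<id>[^\s\]="]+)(?P<params>(?: [^\s=]+="(?:[^"\\]|\\.)*")*)\]')
SD_PARAM_RE = re.compile(r' (?P<name>[^\s=]+)="(?P<value>(?:[^"\\]|\\.)*)"')


@dataclass
class SyslogEvent:
    rfc: str                 # "3164" or "5424"
    facility: str
    severity: str
    timestamp: str
    host: str
    app: Optional[str]
    procid: Optional[str]
    msgid: Optional[str]
    structured_data: Dict[str, Dict[str, str]] = field(default_factory=dict)
    message: str = ""


def _decode_pri(pri: str):
    """PRI = facility * 8 + severity; valid values are 0..191."""
    value = int(pri)
    if value > 191:
        raise ValueError(f"PRI out of range: {value}")
    return FACILITIES[value >> 3], SEVERITIES[value & 7]


def _unescape(value: str) -> str:
    # RFC 5424 escapes '"', '\' and ']' with a backslash inside PARAM-VALUE
    return re.sub(r'\\([\\"\]])', r'\1', value)


def _parse_sd(sd: str) -> Dict[str, Dict[str, str]]:
    if sd == "-":
        return {}
    out: Dict[str, Dict[str, str]] = {}
    for element in SD_ELEMENT_RE.finditer(sd):
        params = {m.group("name"): _unescape(m.group("value"))
                  for m in SD_PARAM_RE.finditer(element.group("params"))}
        out[element.group("id")] = params
    return out


def parse_syslog(line: str) -> SyslogEvent:
    """Return a SyslogEvent for an RFC 5424 or RFC 3164 line, else raise ValueError."""
    line = line.rstrip("\r\n")
    m = RFC5424_RE.match(line)
    if m:
        facility, severity = _decode_pri(m.group("pri"))
        nil = lambda v: None if v == "-" else v  # "-" is the NILVALUE in RFC 5424
        return SyslogEvent("5424", facility, severity, m.group("ts"), m.group("host"),
                           nil(m.group("app")), nil(m.group("procid")), nil(m.group("msgid")),
                           _parse_sd(m.group("sd")), m.group("msg") or "")
    m = RFC3164_RE.match(line)
    if m:
        facility, severity = _decode_pri(m.group("pri"))
        t = TAG_RE.match(m.group("rest"))
        if t:  # TAG[PID]: MSG is conventional, not mandatory, in RFC 3164
            return SyslogEvent("3164", facility, severity, m.group("ts"), m.group("host"),
                               t.group("tag"), t.group("pid"), None, {}, t.group("msg"))
        return SyslogEvent("3164", facility, severity, m.group("ts"), m.group("host"),
                           None, None, None, {}, m.group("rest"))
    raise ValueError(f"not a recognised syslog line: {line[:60]!r}")


def count_by_format(lines: List[str]) -> Dict[str, int]:
    """Count received lines per RFC; lines that parse as neither are 'invalid'."""
    counts = {"3164": 0, "5424": 0, "invalid": 0}
    for line in lines:
        try:
            counts[parse_syslog(line).rfc] += 1
        except ValueError:
            counts["invalid"] += 1
    return counts


# Constructed sample lines (hypothetical field names, not GCenter's real layout).
SAMPLE_LINES = [
    '<165>1 2024-05-14T10:03:27.512Z gcenter.example.lab gcenter 2217 ALERT '
    '[event@12345 gcap="gcap-01" protocol="http" ip_version="4"] '
    'Sigflow alert: suspicious user-agent',
    '<14>1 2024-05-14T10:04:01Z gcenter.example.lab netdata - - -',
    '<34>May 14 10:04:02 gcenter gcenter[2217]: Sigflow alert: dns tunnelling',
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_syslog(sample))
    print(count_by_format(SAMPLE_LINES))
```

Feeding the receiver's raw log into `count_by_format` gives a quick check that the server is seeing the format selected in GCenter, and `structured_data` is where RFC 5424 carries the per-GCap, per-protocol and IP-version attributes that the export filters act on.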

2.7. API

GCenter now has an API enabling certain actions or requests to be automated via scripts or a SOAR. The Swagger documentation is available directly on GCenter. A Python package and a user manual are available in the documentation.

2.8. GUM - Cumulative Hotfix

The various hotfixes made available can be applied via a single package.

2.9. Deep Scan Shellcode

A “Deep Scan” mode was added to the GScan shellcodes functionality.

It enables improved detection of unknown patterns or obfuscation methods. This method takes longer to run and can be enabled or disabled from the GCenter web interface. A maximum duration can also be configured.

2.10. Shellcode and PowerShell engines

The shellcode (GOASM) and PowerShell (GPS) detection engines were improved for increased stability.

2.11. New protocol support

GCenter enables configuring new protocols supported by a GCap version 2.5.3.103 and higher.

2.12. Secure monitoring service

It is now possible to configure the Netdata export in a secure way via TLS and a certificate.

The web configuration interface was revised to improve interactivity.

2.13. WebUI evolution

The Gatewatcher tables moved to a new menu INSPECTRA accessible from the GCenter web interface. They are now only relevant to the MALCORE and CODEBREAKER engines. The escalated alerts remain accessible from the Kibana tables in the Dashboards menu.

Removed functionality.

The following features were removed:

  • ICAP.

  • Reporting.

  • Delete generated alerts when editing a rule.

  • All In One.

The Global Status and Malcore Update Status views were enhanced to provide more detail on equipment failures and antivirus engine updates.

The Malcore Management/Global Setting menu was completely revised.

2.14. GCap profile

It is possible for an Operator to configure the profile of a GCap via the Sigflow menu of the WebUI.

The default template available to the operator is fully configurable by an administrator.

The administrator can choose from among five templates that we provide:

  • Default: the most optimised configuration.

  • Minimal: nothing is enabled.

  • MPL: The parameters required for MPL mode.

  • Intuitio: The prerequisites for Network Detection and Response (NDR).

  • Paranoid: All is enabled.

Once the default template is applied by the operator, the GCap profile configuration remains fully customisable by the operator.

2.15. Tech Support

It is possible to run a quick and complete diagnostic of GCenter from the gcenter-setup via the Tech Support menu. The diagnostic result can be read directly from the terminal.

2.16. GApps Management - Restart GApp

The GApps Management/Restart a GApp menu via gcenter-setup allows restarting the following GCenter internal services:

  • Malware Analysis Engine.

  • WebUI Service 1/2.

  • Database Service.

  • Threat Analysis and Retroactive Orchestrator.

  • Connections Manager.

  • DGA Engine.

  • Kibana Service.

  • Monitoring Service.

  • Gcap Upgrade Provider Service.

  • WebUI Service 2/2.

  • Ephemeral Data Service.

  • Threat Logger Service.

  • Master ES Service.

  • Hot Data ES Service.

  • Cold Data ES Service.

  • PowerShell Analyser Engine.

  • Exploit Analyser Engine.