2. New features
2.1. ELK update
The ELK suite was updated to version 7, enabling an optimisation of these services as well as improved stability.
2.2. KIBANA table update
The KIBANA tables now include the new protocols supported by a GCap version 188.8.131.52 or higher.
The navigation menu was redesigned and now uses a dark theme by default.
Kibana Maps functionality was integrated.
2.3. Malcore update
Malcore was upgraded to version 4, enabling improved stability.
2.5. Support for detection rules per monitoring interface and per VLAN (multi-tenancy)
Configured detection rule sets can be applied to individual monitoring interfaces (up to 8) or to specific VLANs. This is done from the GCenter web interface.
2.6. Log export
It is now possible to configure two syslog servers to export event logs.
The chart was completely revised to make it smooth and dynamic.
The export supports RFC 3164 or RFC 5424. Advanced filters enable targeting of:
The various protocols supported by the paired detection probes.
IPv4 or IPv6.
The list of GCaps paired with GCenter.
TLS integration enables secure exchanges between GCenter and the syslog server. A certificate is required to activate it.
GCenter now has an API enabling certain actions or requests to be automated via scripts or a SOAR. The Swagger documentation is available directly on GCenter. A Python package and a user manual are available in the documentation.
2.8. GUM - Cumulative Hotfix
The various hotfixes made available can be applied via a single package.
2.9. Deep Scan Shellcode
A “Deep Scan” mode was added to the GScan shellcodes functionality.
It improves the detection of unknown patterns and obfuscation methods. This mode takes longer to run and can be enabled or disabled from the GCenter web interface. A maximum duration can also be configured.
2.10. Shellcode and PowerShell engine
The shellcode (GOASM) and PowerShell (GPS) detection engines were improved for increased stability.
2.11. New protocol support
GCenter enables configuring new protocols supported by a GCap version 184.108.40.206 and higher.
2.12. Secure monitoring service
It is now possible to configure the Netdata export in a secure way via TLS and a certificate.
The web configuration interface was revised to improve interactivity.
2.13. WebUI evolution
The Gatewatcher tables moved to a new menu INSPECTRA accessible from the GCenter web interface. They are now only relevant to the MALCORE and CODEBREAKER engines. The escalated alerts remain accessible from the Kibana tables in the Dashboards menu.
The following features were removed:
ICAP.
Reporting.
Delete generated alerts (when editing a rule).
All In One.
The Global Status and Malcore Update Status views were enhanced to provide more detail on equipment failures and antivirus engine updates.
The Malcore Management/Global Setting menu was completely revised.
2.14. GCap profile
It is possible for an Operator to configure the profile of a GCap via the Sigflow menu of the WebUI.
The default template available to the operator is fully configurable by an administrator.
The administrator can choose from among five templates that we provide:
Default: the most optimised configuration.
Minimal: nothing is enabled.
MPL: The parameters required for MPL mode.
Intuitio: The prerequisites for Network Detection and Response (NDR).
Paranoid: everything is enabled.
Once the default template is applied by the operator, the GCap profile configuration remains fully customisable by the operator.
2.15. Tech Support
It is possible to run a quick and complete diagnostic of GCenter from the gcenter-setup via the Tech Support menu. The diagnostic result can be read directly from the terminal.
2.16. GApps Management - Restart GApp
The GApps Management/Restart a GApp menu via gcenter-setup allows restarting the following GCenter internal services:
Malware Analysis Engine.
WebUI Service 1/2.
Threat Analysis and Retroactive Orchestrator.
Gcap Upgrade Provider Service.
WebUI Service 2/2.
Ephemeral Data Service.
Threat Logger Service.
Master ES Service.
Hot Data ES Service.
Cold Data ES Service.
PowerShell Analyser Engine.
Exploit Analyser Engine.