ASGARD Analysis Cockpit’s new version 2.8.2 features an open API to interface with all major sandbox vendors.
It ships with presets for Cuckoo Sandbox and even allows connecting multiple different sandboxes at the same time.
Today, users can configure THOR scans in the ASGARD Management Center that collect suspicious files with a given minimum score.
(Side note: a clever mechanism in Bifrost protocol v2 collects only files that have not been collected before.)
The new version of Analysis Cockpit will automatically receive these samples once it gets connected to an ASGARD Management Center.
With a connected sandbox, you can decide to send all incoming samples to the sandbox or drop only selected samples manually.
Analysis Cockpit’s “Sandbox” section shows all collected samples, the affected hosts, hashes, filenames and other data in the “Files” tab.
The “Reports” tab contains results from each sandbox run.
Each event in the “Baselining” section shows an available sandbox report if a hash in the event matches that of a sample that has been analyzed by the sandbox.
The Analysis Cockpit API allows the retrieval of collected sample files and the upload of any type of report.