ASGARD Analysis Cockpit Version 3

by Florian Roth, May 6, 2021

ASGARD Analysis Cockpit is our on-premise soft-appliance that helps you analyze large amounts of THOR log data. The new version 3, which has just been released, adds many new usability features and views. This blog post lists some of the changes. 

Analysis Cockpit 3 has a new look with many features that improve usability.

Filtering the log data to select a group of events to include in a case has never been easier. The search bar has been reworked to support the most common use cases, based on feedback from numerous analysts.

The idea is to let a user reach the intended view with as few clicks and interactions as possible.

The case creation forms are new and much more compact, and they add a new event selection type named “condition”.

It adds many asset-focused views, such as all scans of an asset or all findings per asset.

An extensive reporting section generates HTML and PDF reports.

Reports can be created

  • by business unit
  • comparison between time frames and group scans
  • highlights on lateral movement
  • highlights on remediated systems

Two-factor authentication (2FA, OTP) and improved LDAP support

A new “Notifications” section allows you to review all triggered notifications that have been sent via syslog, e-mail or webhook to a remote system.

These notifications are configured by the user and may include, for example:

  • New event added to incident case
  • Case type changed from “open” to “request evidence”

Other improvements:

  • Massive performance improvements
  • Improved API for SOAR, sandbox and SIEM integration
  • Views for the real-time events generated by the new Eventlog watcher with Sigma rules in ASGARD 2.10
  • Additional endpoint information such as installed software and the list of local users (Windows only)
  • Improved flexibility in the case management section
  • Sidebar with context information
  • CSV exports from almost any view
  • Direct VirusTotal and Valhalla lookups from the event details

ASGARD Analysis Cockpit version 3 has been released this month. An upgrade from Analysis Cockpit version 2 is possible: it consists of an export of the case data and a re-import of all previously indexed log data, following a guide that is part of the new online manual. New customers find the installer ISO in the “Downloads” section of the customer portal.

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.
