ASGARD Analysis Cockpit is our on-premise soft-appliance that helps you analyze large amounts of THOR log data. The new version 3, which we are going to release this month, adds many new usability features and views. This blog post lists some of the changes. 

Analysis Cockpit 3 has a new look with many features that improve usability.

Filtering the log data to select a group of events to include in a case has never been easier. The search bar has been modified to support the most common use cases, based on feedback from numerous analysts.

The idea is to allow a user to reach an intended view with as few clicks and interactions as possible.

The new case creation forms are much more compact and add a new event selection type named “condition”.

It adds many views focussed on assets, like scans of each asset or findings per asset.

Extensive reporting section for HTML and PDF reports

Two-Factor-Authentication (2FA, OTP) and improved LDAP support

A new “Notifications” section allows you to review all triggered notifications that have been sent via SYSLOG, e-mail or webhook to a remote system.

These notifications are configured by the user and may include, for example:

  • New event added to incident case
  • Case type changed from “open” to “request evidence”

Other improvements:

  • Massive performance improvements
  • Sidebar with context information
  • CSV exports from almost any view
  • Direct VirusTotal & Valhalla lookups from the event details

ASGARD Analysis Cockpit version 3 will be released this month. Customers with a signed BETA software agreement have been able to test it since the beginning of this year. An upgrade from Analysis Cockpit version 2 is possible and includes an export of the case data and a re-import of all previously indexed log data, with the help of a guide that is part of the new manual.