ASGARD Analysis Cockpit is our on-premise soft-appliance that helps you analyze large amounts of THOR log data. The new version 3, which has just been released, adds many new usability features and views. This blog post lists some of the changes.
Analysis Cockpit 3 has a new look with many features that improve usability.
Filtering the log data to select a group of events to include in a case has never been easier. The search bar has been reworked, with feedback from numerous analysts, to support the most common use cases.
The goal is to let a user reach the intended view with as few clicks and interactions as possible.
The case creation forms are much more compact and add a new event selection type named “condition”.
Version 3 adds many asset-focused views, such as the scans of each asset or the findings per asset.
An extensive reporting section generates HTML and PDF reports.
Reports can be created
- by business unit
- comparison between time frames and group scans
- highlights on lateral movement
- highlights on remediated systems
Two-factor authentication (2FA, OTP) and improved LDAP support have been added.
A new “Notifications” section lets you review all triggered notifications that have been sent via SYSLOG, e-mail or webhook to a remote system.
These notifications are configured by the user and may include e.g.
- New event added to incident case
- Case type changed from “open” to “request evidence”
Other changes include:
- Massive performance improvements
- Improved API for SOAR, sandbox and SIEM integration
- Views for real-time events generated by the new Eventlog watcher in ASGARD 2.10, which applies Sigma rules
- Additional endpoint-related information, such as installed software and the list of local users (Windows only)
- Improved flexibility in case management section
- Sidebar with context information
- CSV exports from almost any view
- Direct VirusTotal and Valhalla lookups from the event details
ASGARD Analysis Cockpit version 3 has been released this month. An upgrade from Analysis Cockpit version 2 is possible; it involves exporting the case data and re-importing all previously indexed log data, following a guide that is part of the new online manual. New customers find the installer ISO in the “Downloads” section of the customer portal.