We are glad to announce a new ASGARD Management Center (AMC) release with exciting new features and improvements.
Sigma LogWatcher
LogWatcher is a new service that applies Sigma rules to Windows Eventlog entries. It uses the big public Sigma rule base and has access to the upcoming private Sigma rule feed maintained by Nextron Systems. It’s the first additional service that can be managed and configured in the new “Service Control” section. (Add the “Service Control” right to a role to enable the section for that role.)
Improved LDAP Support
The new LDAP configuration now supports all kinds of different selection options to authenticate against Microsoft Active Directory.
Improved IOC Management
The IOC Management has moved into the Scan Control section and now allows you to import single IOCs or groups of IOCs in a special interface that abstracts from the underlying format required by THOR.
A ruleset contains IOC groups which contain IOCs. Integrated checks verify the provided expressions and give you direct feedback.
Persistent Column Settings per User
Each user can now configure the table views in each section according to their needs; these settings persist across sessions.
Performance Improvements
The new version improves the performance of large installations (>10,000 endpoints) significantly.
THOR and THOR TechPreview Support
It’s now possible to scan with all kinds of THOR versions: the current stable version, Tech Preview versions and even THOR Lite.
Before you update:
- the upgrade can take up to one hour in large installations, so please wait and do not reboot during the installation
- the API has been completely revised so that old API endpoints that you currently use may not work anymore
- to prevent an inconsistent state, you have to upgrade the Master ASGARD before upgrading the connected ASGARDs
More changes:
- improved stability and error handling of THOR scans
- extended CSV output and availability in many more sections
- requirements for password complexity have been increased