ASGARD v2.13 Release

by Apr 13, 2022

Over the last 4 months, we’ve worked on many new UX improvements and the integration of our endpoint agent Aurora. Today, we are glad to announce the release of ASGARD version 2.13. 

UX Improvements

We’ve reworked many sections and dialogues with user experience (UX) in mind. 

Overall, we’ve made more than 260 changes, reworked complete sections and dialogues and added completely new functions like the new “diagnostics”. 

Some of highlights:

  • Each THOR scan now shows a progress bar that doesn’t only show the state of completion but also the current module and element, the module progress and the amount of time spent on this module. This can help you to identify bottlenecks, issues or elements that should better be excluded from the scan.
  • All tables now have an option for an auto-refresh, which can be set per user and table (persistent setting by user)
  • The new diagnostics section helps you to quickly identify connectivity or configuration issues
  • Export and Import of Scan Templates
  • Reworked THOR download section, which allows to generate links for the “latest available version” and shows an information on the API endpoint usage
  • Improved agent installer repackaging options (e.g. repack all outdated installers)
  • Many dialogues with additional error handling of common user errors

Some of the planned UX improvements are still on the roadmap and will be part of the next update. These include: 

  • More flexible group scan target selection (combine labels with AND instead of OR, filter selection for labels to exclude)
  • Maintenance section in which users can define clean-up rules for old data (remove old assets, automatically remove old log data etc.)

 

 

Scan Progress Bar (Single Scan)

Scan Progress Bar (Group Scan; Collapsed Info)

Auto Refresh Options

System Diagnostics

Background Load Indicators (green line)

Export & Import of Scan Templates

Reworked THOR Download Section (generate link for the latest version, information about the use of the tokens)

Improved Agent Installer Repackaging Options

Aurora Agent Support

This version allows the deployment and management of our Sigma-based endpoint agent.

You can find information about Aurora here.

ASGARD Management Center allows you to:

  • Manage rules that you want to use
  • Add false positive filters to rules
  • Define response actions for certain rules
  • Manage updates on these rules
  • Group rules into rule sets
  • Use rule sets in an Aurora configurations
  • Assign configurations to groups of end systems
  • Put all response actions in a configuration into simulation mode
  • Put single response actions in simulation mode
  • Manage rules that have been in simulation mode for a certain time
  • Apply so-called response sets (groups of response actions provided by Nextron) to your rule set
  • Apply your IOCs or IOCs retrieved from a MISP instance with Aurora

Aurora Agents (Deployed)

Sigma Rule Set Management

Aurora Agent Configurations

More changes in this release

  • AIX support (beta users only)
  • Collect THOR log as JSON (optional)
  • New section “Playbook Files” to manage all files and tools used in playbooks
  • License expiration warning messages
  • many more – see the changelog for all details

Upgrade

ASGARD Management Center customers upgrade their instances in “Updates > Management Center”. 
Important: Make sure to upgrade Master ASGARD instances before upgrading the connected ASGARDs. 

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.

Subscribe to our Newsletter

Monthly news, tips and insights.

Follow Us

Upgrade Your Cyber Defense with THOR

Detect hacker activity with the advanced APT scanner THOR. Utilize signature-based detection, YARA rules, anomaly detection, and fileless attack analysis to identify and respond to sophisticated intrusions.

GDPR Cookie Consent with Real Cookie Banner