ASGARD v2.13 Release

by Apr 13, 2022

Over the last 4 months, we’ve worked on many new UX improvements and the integration of our endpoint agent Aurora. Today, we are glad to announce the release of ASGARD version 2.13. 

UX Improvements

We’ve reworked many sections and dialogues with user experience (UX) in mind. 

Overall, we’ve made more than 260 changes, reworked complete sections and dialogues and added completely new functions like the new “diagnostics”. 

Some of the highlights:

  • Each THOR scan now shows a progress bar that displays not only the state of completion but also the current module and element, the module progress and the amount of time spent on this module. This can help you identify bottlenecks, issues or elements that would be better excluded from the scan.
  • All tables now have an option for an auto-refresh, which can be set per user and table (persistent setting by user)
  • The new diagnostics section helps you to quickly identify connectivity or configuration issues
  • Export and Import of Scan Templates
  • Reworked THOR download section, which allows you to generate links for the “latest available version” and shows information on the API endpoint usage
  • Improved agent installer repackaging options (e.g. repack all outdated installers)
  • Many dialogues with additional error handling of common user errors

Some of the planned UX improvements are still on the roadmap and will be part of the next update. These include: 

  • More flexible group scan target selection (combine labels with AND instead of OR, filter selection for labels to exclude)
  • Maintenance section in which users can define clean-up rules for old data (remove old assets, automatically remove old log data etc.)

 

 

Scan Progress Bar (Single Scan)

Scan Progress Bar (Group Scan; Collapsed Info)

Auto Refresh Options

System Diagnostics

Background Load Indicators (green line)

Export & Import of Scan Templates

Reworked THOR Download Section (generate link for the latest version, information about the use of the tokens)

Improved Agent Installer Repackaging Options

Aurora Agent Support

This version allows the deployment and management of our Sigma-based endpoint agent.

You can find information about Aurora here.

ASGARD Management Center allows you to:

  • Manage rules that you want to use
  • Add false positive filters to rules
  • Define response actions for certain rules
  • Manage updates on these rules
  • Group rules into rule sets
  • Use rule sets in Aurora configurations
  • Assign configurations to groups of end systems
  • Put all response actions in a configuration into simulation mode
  • Put single response actions in simulation mode
  • Manage rules that have been in simulation mode for a certain time
  • Apply so-called response sets (groups of response actions provided by Nextron) to your rule set
  • Apply your IOCs or IOCs retrieved from a MISP instance with Aurora

Aurora Agents (Deployed)

Sigma Rule Set Management

Aurora Agent Configurations

More changes in this release

  • AIX support (beta users only)
  • Collect THOR log as JSON (optional)
  • New section “Playbook Files” to manage all files and tools used in playbooks
  • License expiration warning messages
  • Many more; see the changelog for all details

Upgrade

ASGARD Management Center customers upgrade their instances in “Updates > Management Center”. 
Important: Make sure to upgrade Master ASGARD instances before upgrading the connected ASGARDs. 

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.
