Announcing the Launch of Analysis Cockpit v4.0

by Feb 1, 2024

We are pleased to announce the release of Analysis Cockpit v4.0, marking a significant update from version 3.10. This latest version introduces key improvements, including restructured database indices for enhanced performance, an upgraded operating system, and advancements in time synchronization and user interface.

Aimed at delivering a more stable and efficient experience, v4.0 is built to better meet the technical needs of our users. Read on for details about what’s new and how these changes can benefit you. 


  • Elastic Database Index Revamp
    We’ve restructured the index of our elastic database for enhanced stability.
  • Bug Fixes
    Addressed and resolved various bugs to improve overall system performance.
  • UI Enhancements
    A fresh, improved look and feel, making the UI more intuitive and user-friendly.
  • Sync Performance Boost
    We’ve enhanced the synchronization between the Management Center and Analysis Cockpit for quicker and more reliable data transfer.

Major Changes

  • Update Server Switch
    The new version uses instead of Please adjust your firewalls to allow connections to the new server.
  • Operating System Upgrade
    We’ve upgraded the underlying Debian operating system, ensuring a more robust and secure environment.
  • Time Service Transition
    Switching from Ntp to timesyncd for time synchronization. It’s simpler to set up and manage.

Stability in Key Areas

  • API Communication
    The API interface remains unchanged for seamless integration.
  • Compatibility with ASGARD Systems
    Fully compatible with existing ASGARD setups, ensuring a smooth transition.


How long will you support version 3?

We will provide bug fixes and security updates for version 3 until June 2024.

Is the upgrade to version 4.0 an in-place upgrade?

Yes, the upgrade to version 4.0 doesn’t require a new system. It can be completed in-place by running the upgrade utility from an elevated command line.

How long does the upgrade take?

The upgrade typically takes between 15 to 30 minutes. This duration depends on the number of scan reports and cases you have created. Post-upgrade, the Analysis Cockpit will require additional time to synchronize with the Management Center and may display a “red” status temporarily. This is normal and indicates ongoing synchronization. If this status persists for more than 2 hours, please contact for assistance.

Will the system reboot during the upgrade process?

Yes, the system will reboot multiple times during the upgrade process. No additional action is required after a reboot; the update will automatically continue until it is complete.

Are there other things to consider before performing the upgrade?

Ensure that there is at least 20% free disk space on your device. For instructions on freeing up space on your Analysis Cockpit, please refer to this link. The upgrade requires connections to both the old and the new update server. 

Further Information

For more details, please refer to our manual, which provides comprehensive guidance on all the new features and changes.

About the author:

Florian Roth

Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.


New blog posts (~1 email/month)

GDPR Cookie Consent with Real Cookie Banner