Announcing the Launch of ASGARD Analysis Cockpit v4.1

by Jun 21, 2024

We are excited to announce the release of ASGARD Analysis Cockpit v4.1, a substantial upgrade from version 4.0. This latest version introduces significant improvements and new features designed to enhance performance, usability, and stability. 
ASGARD Analysis Cockpit v4.1 strives to provide a more efficient and robust user experience, addressing the evolving technical requirements of our users. Read on for detailed information about the latest updates and learn how these changes can enhance your workflow.

Major Changes

  • Custom Event Dashboards: Create personalized dashboards in the Baselining and All Events sections.  
  • Event Insights by ChatGPT: Automatically analyze THOR events with assessments and recommendations and ask ChatGPT to explain THOR events or terms within an event.  
  • Matched Signatures Section: View all matched signatures chronologically in the new ‘Matched Signatures’ section.  
  • File Collection via Management Center: Collect files from an asset through the Management Center.  
  • Data Retention Policy: Retain events for a specified period and automatically delete them afterwards.  
  • Graphs and Statistics: Added to the Overview Dashboard for enhanced data visualization.  

Improvements

  • Bug Fixes
    Addressed and resolved various bugs to improve overall system performance. 
  • UI Enhancements
    A fresh, improved look and feel, making the UI more intuitive and user-friendly. 
  • Elasticsearch Indexing Overhaul
    The indexing structure for events in Elasticsearch has been completely revamped, significantly improving performance.  
  • Case Sensitivity Adjustment
    Conditions in cases are now case-insensitive, and existing conditions will be converted automatically. 

Stability in Key Areas

  • API Communication
    The API interface remains unchanged for seamless integration.

Elasticsearch: Enhanced Performance and New Indexing Structure

We have changed the way events are indexed in Elasticsearch. The new index structure significantly improves performance but increases disk space usage by 30%-40%.
After the upgrade, all events will be reindexed, which can take several hours depending on the number of events in your system. The system remains usable during this process, but we recommend performing the upgrade during off-peak hours.
If the Analysis Cockpit reaches its disk space limit during reindexing, the process will pause until more disk space is available. The Analysis Cockpit will guide you on how to free up or increase disk space, and the reindexing process will automatically resume once enough disk space is available.

FAQs

How long does the update take?

The update itself only takes a few minutes. The Analysis Cockpit needs additional time to re-index the events, which can take hours to days depending on the number of events. We recommend performing the upgrade outside of peak business hours.

Will the system restart during the update process?

The system does not restart during the update. Once the first update is complete, you will need to log in again.

Can I continue to work during the restructuring?

Yes, you can continue to work during this time, as the latest events will be re-indexed first and will be available immediately. The status of the re-indexing can be tracked on the system status page. Re-indexing gives the ASGARD Analysis Cockpit an immense performance boost. This speeds up queries and makes work more efficient.

Further Information

For more details, please refer to our manual or our ASGARD Analysis Cockpit YouTube playlist, which provides comprehensive guidance on all the new features and changes. You can also contact our support for further assistance.

About the author:

Boris Deibel
