The ANALYSIS COCKPIT gives you the power to analyze logs from thousands of systems.

There will be false positives and legitimate occurrences of suspicious elements or dual-use tools. This lies in the nature of scanning for APTs and traces of adverse activities and system manipulations.
In heterogeneous IT environments, you could be required to create highly specific filters for 20.000 entries by hand.

You don’t want to do this manually.

How do we do it?

We let you export anomalies from Kibana that you don’t want to see in the future to the filter generator.
The ANALYSIS COCKPIT ships with approximately 80 pre-defined automatic filters. These automatic filters automatically generate sub-filters that are specific to your environment.
(We have done most of the work for you.)

THOR Integration into Microsoft Defender ATP

Why Integrate THOR into Microsoft Defender ATP

While Microsoft Defender ATP fully plays off its strength in detecting live attacks, suspicious process starts and network connections, THOR shines as a live forensic scanner that scans the local filesystem, registry,...

ASGARD Analysis Cockpit v2.8 with Sandbox Integration

ASGARD Analysis Cockpit’s new version 2.8.2 features an open API to interface with all major sandbox vendors. It ships with presets for Cuckoo Sandbox and even allows you to connect multiple different sandboxes at the same time. Today users can configure THOR scans in...

ASGARD Analysis Cockpit 2.2 Feature Overview

Later this month the new version 2.2 of ASGARD Analysis Cockpit will be released. These are the most important new features.

The Optimize Button

The new "Optimize" button allows you to add all unassigned log lines to existing cases with matching filters. It is...