Management Center

ASGARD Management Center not only lets you execute enterprise wide THOR scans. It also provides an easy to use interface for execution of complex response playbooks on up to one million endpoints – all from a single console.

ASGARD ships as hardened virtual appliance and features agents for Microsoft Windows Server&Workstation, Linux, AIX, and MacOS.

Its rich API facilitates interoperation with SOAR frameworks, sandboxes, antivirus systems, SIEM systems, CMDBs, IPS devices – or in other words: with literally any security device you may have in place.


A single ASGARD Management Center can control up to 25,000 endpoints – providing central scan control and response functions with a single click on all connected endpoints.

With Master ASGARD it is possible to control multiple ASGARD Management Centers – thus providing central management for more than one million endpoints in a single console. This also allows for multi-tenant architectures in which individual ASGARDs remain dedicated to one tenant while all ASGARDs share central scan control through Master ASGARD.

Built-in Response Playbooks

The built-in and easy to execute response and information gathering playbooks can be executed on single systems, groups of systems and also large scale on all connected endpoints.

The built-in response playbooks include:

  • Quarantine endpoint
  • Collect full triage package from system
  • Open remote command line on endpoint
  • Collect process tree from endpoint
  • Kill process on endpoint
  • Collect registry from endpoint

Custom Response Playbooks

Our custom response playbooks help you orchestrate your specific responses. Prepare your individual response playbook with up to 16 consecutive steps.

A typical response playbook may look like this:

  • Step 1: Quarantine endpoint on network level
  • Step 2: Upload forensic toolset to endpoint
  • Step 3: Execute forensic tools and generate output package
  • Step 4: Download output package to ASGARD
  • Step 5: Remove toolset and output package from endpoint

Powerful API

The ASGARD API facilitates integration with SOAR frameworks, SIEM systems, IOC feeds/providers (e.g. MISP, ….) and literally any piece of security infrastructure you have in place.

Typical use cases may include:

  • Trigger THOR scan on system that caused alerts in IPS, SIEM, antivirus console, etc.
  • Collect forensic evidence on endpoints
  • Synchronize ASGARD assets with CMDB
  • Drop suspicious samples into sandbox

Hard- and Softappliance

The hardened, Linux-based ASGARD appliance is a powerful, solid and scalable response platform with agents for Windows, Linux and macOS. It either ships as soft appliance or 1U hard appliance. All scale up to 25,000 endpoints. Together with the Master ASGARD appliance this gives you the ability to control more than one million endpoints from one console.

Automated Sandbox Analysis

ASGARD Management Center provides various options to collect suspicious files and drop them into the sandbox of your choice. Just start your scans with the Bifrost-option and all files that exceed a given score will be dropped into the sandbox seamlessly – or just navigate to the respective asset and start the “collect evidence playbook” for the file you want to send to the sandbox.

Powerful Analysis and Baselining

ASGARD Analysis Cockpit gives you full visibility on all your IOC matches, logs and sandbox reports. It allows you to set baselines and points you to security relevant changes in your environment.

Learn More

Upcoming ASGARD Version 2

The last five months we've been working on a shiny new version of our ASGARD platform that overcomes previous limitations and includes exciting new features. ASGARD 2 is a completely rewritten management platform, featuring a new interface, load balancing options, a...

THOR Integration into Microsoft Defender ATP

Why Integrate THOR into Microsoft Defender ATP While Microsoft Defender ATP fully plays off its strength in detecting live attacks, suspicious process starts and network connections, THOR shines as a live forensic scanner that scans the local filesystem, registry,...


We are glad to announce our new product MASTER ASGARD, a central control for a set of ASGARD systems. MASTER ASGARD is designed to control multiple instances of ASGARD, which itself supports up to 10,000 endpoint agents. Using MASTER ASGARD you are able to control...

ASGARD v1.7.2 with File and Memory Collection

Our brand new ASGARD 1.7 comes with a shiny new feature: Evidence Collection The evidence collection feature allows you to collect files or main memory from connected end systems. The memory and file collection tasks provide a throttling option to reduce the upload...

ASGARD Management Center Feature: Scanner Package Download Links

ASGARD features a new section since the last upgrade that you may have missed. It's called "Downloads" and contains a section in which you can configure a download link for scanner packages. In previous versions, the scanners have been accessible right from the login...