Management Center

ASGARD Management Center is the perfect incident response platform. It not only lets you execute enterprise wide THOR scans. It also provides an easy to use interface for execution of complex response playbooks on up to one million endpoints – all from a single console.

ASGARD ships as hardened virtual appliance and features agents for Microsoft Windows, Linux, AIX, and MacOS.

Its rich API facilitates interoperation with SOAR frameworks, sandboxes, antivirus systems, SIEM systems, CMDBs, IPS devices – or in other words: with literally any security device you may have in place.

Single System Live Forensics

Evaluating SIEM or EDR events can be a tedious task. Analysts often have to decide whether to check off a warning or order a full forensic analysis. ASGARD allows you to run a live forensics scan on any connected endpoint, providing a deeper analysis, saving analysts time and costs.


In today’s fast-paced threat landscape, we get numerous indicators of compromise (IOCs) from public reports, official entities, partners or sharing groups. ASGARD allwos you to quickly check end systems for a set of custom IOCs. It features MISP integration with a neat interface and supports manual STIX v2 imports.

Continuous Compromise Assessment

Compromise assessments provide an in-depth analysis including anomalies, suspicious elements and sometimes malicious activity. But this thorough analysis comes at a price: time and effort. In combination with the baselining features of our Analysis Cockpit, we limit the effort of every subsequent compromise assessment to a minimum.


A single ASGARD Management Center can control up to 25,000 endpoints – providing central scan control and response functions with a single click on all connected endpoints.

With Master ASGARD it is possible to control multiple ASGARD Management Centers – thus providing central management for more than one million endpoints in a single console. This also allows for multi-tenant architectures in which individual ASGARDs remain dedicated to one tenant while all ASGARDs share central scan control through Master ASGARD.

Built-in Response Playbooks

The built-in and easy to execute response and information gathering playbooks can be executed on single systems, groups of systems and also large scale on all connected endpoints.

The built-in response playbooks include:

  • Memory collection
  • File collection
  • Registry collection
  • Quarantine
  • Remote console (full cmd / shell) 

Custom Response Playbooks

Our custom response playbooks help you orchestrate your specific responses. Prepare your individual response playbook with up to 16 consecutive steps.

A typical response playbook may look like this:

  • Step 1: Quarantine endpoint on network level
  • Step 2: Upload forensic toolset to endpoint
  • Step 3: Execute forensic tools and generate output package
  • Step 4: Download output package to ASGARD
  • Step 5: Remove toolset and output package from endpoint

Powerful API

The ASGARD API facilitates integration with SOAR frameworks, SIEM systems, IOC feeds/providers (e.g. MISP, ….) and literally any piece of security infrastructure you have in place.

Typical use cases may include:

  • Trigger THOR scan on system that caused alerts in IPS, SIEM, antivirus console, etc.
  • Collect forensic evidence on endpoints
  • Synchronize ASGARD assets with CMDB
  • Drop suspicious samples into sandbox

Hard- and Softappliance

The hardened, Linux-based ASGARD appliance is a powerful, solid and scalable response platform with agents for Windows, Linux and macOS. It either ships as soft appliance or 1U hard appliance. All scale up to 25,000 endpoints. Together with the Master ASGARD appliance this gives you the ability to control more than one million endpoints from one console.

Automated Sandbox Analysis

ASGARD Management Center provides various options to collect suspicious files and drop them into the sandbox of your choice. Just start your scans with the Bifrost-option and all files that exceed a given score will be dropped into the sandbox seamlessly – or just navigate to the respective asset and start the “collect evidence playbook” for the file you want to send to the sandbox.

Optimized Analysis and Baselining

ASGARD Analysis Cockpit gives you full visibility on all your IOC matches, logs and sandbox reports. It allows you to set baselines and points you to security relevant changes in your environment.

Learn More

Feature Highlights

MISP Integration

This short demo shows how easy it is to launch a scan with custom IOCs from a connected MISP.

In the example we select all events with the keyword “Emotet”, add them to a new rule set and use that rule set in a new Group Scan with THOR.

Remote Console

This example shows some of the Remote Console features. You get a full console on the remote system. On Windows you can even run PowerShell to run more complex scripts. On Linux systems you get a local shell. All remote sessions get recorded and can be replayed in an integrated player. 

ASGARD 2.14 Release

We've just released the new ASGARD Management Center version 2.14 with important new features. This blog posts lists the most important changes in dedicated chapters. The whole change log can be found at the end of the article. Broker Network The Broker Network allows...

ASGARD v2.13 Release

Over the last 4 months, we've worked on many new UX improvements and the integration of our endpoint agent Aurora. Today, we are glad to announce the release of ASGARD version 2.13. UX Improvements We've reworked many sections and dialogues with user experience (UX)...

ASGARD v2.12 Released

The new ASGARD Management Center version 2.12 adds new features and fixes several issues that were introduced with the version 2.11 in December last year.Better Sigma Rule Management We've added new features and improved the usability of the sigma rule management...

Product Surveys – Tell us what you think

We'd like to know your opinion on our products and therefore ask you to participate in our product surveys. Each of them takes between 2 and 5 minutes of your time, depending on how much you'd like to tell us.THOR Customer Satisfaction Survey You find the survey...

ASGARD: Check your Signature Versions

It came to our attention that under certain circumstances, after the upgrade to ASGARD 2.11, some ASGARD instances lost their scheduled task to automatically assign the newest signatures to scan jobs . We advice customers to review their update configuration if they...
GDPR Cookie Consent with Real Cookie Banner