What is the ASGARD Management Center?

The ASGARD Management Center is the central management platform for THOR and SPARK scans. It manages distributed THOR/SPARK scans on thousands of systems, collects, forwards and analyzes logs. Furthermore, the ASGARD Management Center can control and execute complex response tasks if needed.

The hardened, Linux-based ASGARD appliance is a powerful, solid and scalable response platform with agents for Windows, Linux and macOS. It provides essential response features like the collection of file system, registry or memory evidence, malware process termination, remote file system browsing and other counteractive measures. It features templates for scan runs and lets you plan and schedule distributed sweeps with the lowest impact on system resources.

Typical incident response scenarios consists of different stages, whereas each stage has its own challenges and required tools. The ASGARD Management Center platform completes our tool-set universe and supports every stage of the incident response process.

  • Quick Preventive Scanning with the lightweight SPARK scanner or THOR in quick mode
  • Intense Triage Scans with THOR and custom case-based indicators to determine the extend of the incident
  • Evidence Collection with THOR’s quarantine feature or ASGARD Management Center’s file, memory, disk image and registry collection
  • Remediation with ASGARD Management Center’s remote execution and automated counteractive measures
  • Log Collection and Analysis with pre-installed Splunk and ELK services

Other services are:

  • Log Analysis Services – pre-installed ELK and Splunk for maximum convenience
  • Quarantine Service – file quarantine via Bifrost protocol
  • Update Service – automatic updates for THOR / SPARK scanners
  • License Service – central registration and sub license generation
  • Asset Management Service – central inventory and status dashboard

Platform Types

The ASGARD Management Center is provided in the following forms depending on the use case and certain prerequisites.

Hard Appliance

Depending on its main use you can control up to 20,000 end systems from a single ASGARD Management Center hard appliance.

Soft Appliance

The soft appliance is mainly used as scan control for THOR / SPARK scan runs on less than 3,000 end system.

Typical incident response scenarios consists of different stages, whereas each stage has its own challenges and required tools. The ASGARD Management Center platform completes our tool-set universe and supports every stage of the incident response process.

THOR Integration into Microsoft Defender ATP

Why Integrate THOR into Microsoft Defender ATP While Microsoft Defender ATP fully plays off its strength in detecting live attacks, suspicious process starts and network connections, THOR shines as a live forensic scanner that scans the local filesystem, registry,...


We are glad to announce our new product MASTER ASGARD, a central control for a set of ASGARD systems. MASTER ASGARD is designed to control multiple instances of ASGARD, which itself supports up to 10,000 endpoint agents. Using MASTER ASGARD you are able to control...

ASGARD v1.7.2 with File and Memory Collection

Our brand new ASGARD 1.7 comes with a shiny new feature: Evidence Collection The evidence collection feature allows you to collect files or main memory from connected end systems. The memory and file collection tasks provide a throttling option to reduce the upload...

ASGARD Management Center Feature: Scanner Package Download Links

ASGARD features a new section since the last upgrade that you may have missed. It's called "Downloads" and contains a section in which you can configure a download link for scanner packages. In previous versions, the scanners have been accessible right from the login...

Feature: SPARK Sample Quarantine via Bifrost

The new SPARK v1.14.16 supports the sample quarantine protocol named Bifrost.With Bifrost you're able to send suspicious samples that THOR or SPARK  detect on endpoints directly to a central server for analysis.A Bifrost server is shipped in form of a Python script...

ASGARD Management Center’s features are: ƒƒ

  • Flexible and modern web interface ƒƒ
  • Extensive response capabilities ƒƒ
  • Cross-platform agents (Windows, Linux and macOS) ƒƒ
  • Live remote memory analysis via Rekall framework ƒƒ
  • Automatic agent updates ƒƒ
  • Detailed monitoring of client CPU, memory and IO usage and self-imposed limits ƒƒ
  • Task scheduler ƒƒ
  • Fully scalable back-end to handle very large deployments

Further advantages / features are: ƒƒ

  • Customizable platform / open to feature requests ƒƒ
  • Direct contact to the developers / Security Made in Germany