3.10. THOR Excludes and False-Positive Filters¶
In THOR you can define directory and file excludes
and false positive filters.
With ASGARD 2.13+ these features can be globally defined in ASGARD at
Scan Control >
Be careful not to use too broad filters or excludes as this might cripple THOR's detection capabilities, if done incorrectly.
3.11. Syslog Forwarding¶
To configure syslog forwarding of logs, you can set the
during scans. You have multiple options as to where you can send the logs.
--syslog value is constructed of the following arguments:
|server||The receiving server,
||FQDN or IP of remote host |
|syslogtype||Type of syslog format, valid formats are:||DEFAULT, CEF, JSON, SYSLOGJSON, SYSLOGKV|
|sockettype||optional, default is
||UDP, TCP, TCPTLS|
|||The remote Host can be ASGARD or any other syslog capable system.|
If you choose to use the
--syslog flag, please make sure that the
necessary ports are allowed within your network/firewall. If you decide
to send the logs via syslog to ASGARD, please have a look at
the Rsyslog Forwarding.