3.22. Additional Settings

3.22.1. Rsyslog Forwarding

Rsyslog forwarding can be configured in Settings > RSYSLOG. To add a forwarding configuration for local log sources, click Add Rsyslog Forwarding.

Rsyslog Forwarding

The following log sources can be forwarded individually:

Available Log Sources

| Log | Description |
|---|---|
| ASGARD Log | Everything related to the ASGARD service, processes, task and scan jobs |
| ASGARD Audit Log | Detailed audit log of all user activity within the system |
| Agent Log | All ASGARD agent activities |
| THOR Log | THOR scan results |
| THOR Log (Realtime) | The THOR (Realtime) logs are the same logs as the THOR logs, except that they are collected via UDP syslog instead of HTTPS. To forward THOR logs in realtime, you have to configure your scans to forward syslog to ASGARD (see Syslog Forwarding). Make sure the necessary firewall rules are in place to allow the asset to communicate with ASGARD. |
| Aurora Log | Aurora logs |

3.22.2. TLS Certificate Installation

Instead of using the pre-installed self-signed TLS Certificate, users can upload their own TLS Certificate for ASGARD.

Generate a Certificate Signing Request (CSR)

To achieve the best possible compatibility with the most common browsers, we recommend using the system's FQDN in both the Common Name and the Hostnames fields.

Please note that generating a CSR on the command line is not supported.

The generated CSR can be used to generate a TLS Certificate. Subsequently, this TLS Certificate can be uploaded in the Settings > TLS section.

Upload a TLS Certificate
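
A check for the FQDN recommendation above, as an added example that is not part of the ASGARD manual: it reports whether a certificate carries the FQDN in both the Common Name and the DNS Subject Alternative Names, assuming the Hostnames field of the CSR ends up as SAN entries. The host name, the port argument and the CA file are placeholders, and the sample certificates are constructed.

```python
import socket
import ssl


def fetch_cert(host, port, cafile):
    """Return the served certificate as a dict; cafile is the signing CA's PEM bundle."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # chain is still validated; names are reported by check_fqdn()
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


def cert_names(cert):
    """Split a getpeercert() dict into (common names, SAN DNS names), lowercased."""
    cns = [value.lower()
           for rdn in cert.get("subject", ())
           for key, value in rdn
           if key == "commonName"]
    sans = [value.lower()
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]
    return cns, sans


def check_fqdn(cert, fqdn):
    """Report whether fqdn appears in the Common Name and in the SAN DNS list."""
    fqdn = fqdn.lower().rstrip(".")
    cns, sans = cert_names(cert)
    return {"common_name": fqdn in cns, "hostnames": fqdn in sans}


# Constructed sample in getpeercert() format; asgard.example.internal is a placeholder.
SAMPLE_OK = {
    "subject": ((("organizationName", "Example Corp"),),
                (("commonName", "asgard.example.internal"),)),
    "subjectAltName": (("DNS", "asgard.example.internal"), ("DNS", "asgard")),
}
# Constructed sample of a certificate that names the FQDN in the CN only.
SAMPLE_CN_ONLY = {
    "subject": ((("commonName", "asgard.example.internal"),),),
    "subjectAltName": (("IP Address", "192.0.2.10"),),
}

if __name__ == "__main__":
    for name, cert in (("ok", SAMPLE_OK), ("cn-only", SAMPLE_CN_ONLY)):
        print(name, check_fqdn(cert, "asgard.example.internal"))
```

Against a live system, pass the result of `fetch_cert()` to `check_fqdn()`; a handshake error from `fetch_cert()` means the chain did not validate against the given CA file.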

3.22.3. Manage Services

The individual ASGARD services can be managed in Settings > Services. The services can be stopped or restarted with the respective buttons in the Actions column.

Configuration of Services

Manage Services

3.22.4. NTP Configuration

The current NTP configuration can be found in the NTP sub-section.

NTP Configuration

A Source Pool or Source Server can be removed by clicking the delete action. To create a new Source Pool or Source Server, click Add NTP Source in the upper right corner.

3.22.5. Settings for Bifrost

Bifrost allows you to automatically upload suspicious files to your ASGARD during a THOR scan. If an Analysis Cockpit is connected, these files are automatically forwarded to the Analysis Cockpit in order to drop them into a connected Sandbox system. However, the collected files will stay on ASGARD for the amount of time specified in Retention time (0 days represents an indefinite amount of time).

Settings for Bifrost

The collected files can be downloaded in the Evidence Collection section. All files are zip archived and password protected with the password infected.

In order to automatically collect suspicious files, you have to create a scan with Bifrost enabled. Check the Send Suspicious Files to ASGARD option to send samples to the system set as bifrost2Server. Use the placeholder %asgard-host% to use the hostname of your ASGARD instance as the Bifrost server.

Bifrost Options

Scan option for Bifrost

This will collect all files with a score of 60 or higher and make them available for download in ASGARD's Collected Files section.

For details on how to automatically forward to a sandbox system, please refer to the Analysis Cockpit Manual.

3.22.8. Change Proxy Settings

In this dialogue, you can add or modify ASGARD's proxy configuration. Please note that you need to restart the ASGARD service (Tab Services) afterwards.

Change Proxy Settings

3.22.10. Advanced

The Advanced tab lets you specify additional global settings. The session timeout for the web-based UI can be configured; the default is one hour. If Show Advanced Tasks is set, ASGARD will show system maintenance jobs (e.g. update ASGARD Agent on endpoints) within the response control section.

Inactive assets can be hidden in the Asset Management Section by setting a suitable threshold for Hide inactive Assets.

Advanced Settings