3.22. Additional Settings
3.22.1. Rsyslog Forwarding
Rsyslog forwarding can be configured in
To add a forwarding configuration for local log sources, click
Add Rsyslog Forwarding.
The following log sources can be forwarded individually:
| Log Source | Description |
|---|---|
| ASGARD Log | Everything related to the ASGARD service, processes, task and scan jobs |
| ASGARD Audit Log | Detailed audit log of all user activity within the system |
| Agent Log | All ASGARD agent activities |
| THOR Log | THOR scan results |
| THOR Log (Realtime) | The THOR (Realtime) logs are the same logs as the THOR logs, except that they are collected via UDP syslog instead of HTTPS. To forward THOR logs in real time, you have to configure your scans to forward syslog to ASGARD (see Syslog Forwarding). Make sure the necessary firewall rules are in place to allow the asset to communicate with ASGARD. |
| Aurora Log | Aurora logs |
3.22.2. TLS Certificate Installation
Instead of using the pre-installed self-signed TLS Certificate, users can upload their own TLS Certificate for ASGARD.
In order to achieve the best possible compatibility with the
most common browsers, we recommend using the system's FQDN
in both fields
Common Name AND
Please note that generating a CSR on the command line is not supported.
The generated CSR can be used to generate a TLS Certificate.
Subsequently, this TLS Certificate can be uploaded in the
3.22.3. Manage Services
The individual ASGARD services can be managed in
The services can be stopped or restarted with the respective buttons in the
3.22.4. NTP Configuration
The current NTP configuration can be found in the NTP sub-section.
A Source Pool or Source Server can be removed by clicking the delete action.
To create a new Source Pool or Source Server, click
Add NTP Source in
the upper right corner.
3.22.5. Settings for Bifrost
Bifrost allows you to automatically upload suspicious files to your
ASGARD during a THOR scan. If an Analysis Cockpit is connected,
these files get automatically forwarded to the Analysis Cockpit
in order to drop them into a connected Sandbox system. However,
the collected files will stay on ASGARD for the amount of time set in
Retention time (0 days represents an indefinite amount of time).
The collected files can be downloaded in the
section. All files are zip archived and password protected with the password
In order to automatically collect suspicious files, you have to
create a scan with Bifrost enabled. Check the
Send Suspicious Files to ASGARD
option to send samples to the system set as
bifrost2Server. Use the placeholder
%asgard-host% to use the hostname of your ASGARD instance as the Bifrost server.
This will collect all files with a score of 60 or higher and make
them available for download in ASGARD's
Collected Files section.
For details on how to automatically forward to a sandbox system, please refer to the Analysis Cockpit Manual.
3.22.6. Link Analysis Cockpit
In order to connect to an Analysis Cockpit, enter the
respective hostname of the Analysis Cockpit (use the same
FQDN used during installation of the Analysis Cockpit) in
FQDN, enter the one-time code, choose the
type and click
Update Analysis Cockpit.
The Cockpit's API key can be found at
ASGARD must be able to connect to the Analysis Cockpit
on port 443/TCP for a successful integration. Once connected,
the Cockpit will show up in ASGARD's
System Status >
section together with the other connectivity tests.
Please wait up to five minutes for the status to
change on ASGARD's system status page. It will change from
Not linked to
3.22.7. Link MISP
In order to connect to a MISP with your ASGARD Management Center,
MISP. Insert the MISP's address,
along with the API Key and click
Test and Link MISP.
The MISP connectivity status is shown in the
Please allow five minutes for the connection status to show the
correct state and for the MISP rules to be downloaded and shown in
IOC Management >
3.22.8. Change Proxy Settings
In this dialogue, you can add or modify ASGARD's proxy configuration. Please note that you need to restart the ASGARD service (Services tab) afterwards.
3.22.9. Link MASTER ASGARD
In order to control your ASGARD with a MASTER ASGARD, you must generate a One-Time Code and use it in the "Add ASGARD" dialogue within the MASTER ASGARD frontend.
The Advanced tab lets you specify additional global settings.
The session timeout for the web-based UI can be configured. The default
is one hour. If
Show Advanced Tasks is set, ASGARD will
show system maintenance jobs (e.g. update ASGARD Agent on endpoints)
within the response control section.
Inactive assets can be hidden in the Asset Management Section
by setting a suitable threshold for
Hide inactive Assets.