Welcome to ASGARD's documentation!
ASGARD Management Center is the central management platform for THOR scans. It manages distributed THOR scans on thousands of systems, and it collects and forwards scan results.
Furthermore, ASGARD can control and execute complex response tasks, if needed. It features built-in response playbooks for quarantining endpoints, creating and collecting triage packs, opening remote shells and other actions incident response specialists will find useful.
Moreover, ASGARD provides an easy-to-use interface for creating custom multi-step response playbooks that can execute any command on endpoints and collect the respective outputs.
ASGARD Management Center is available as a virtual appliance and also as a hard appliance. Both are based on Debian Buster and require a setup procedure in order to generate customized agent installers and cryptographic keys.
This document describes all functions and steps for the setup and operation of the ASGARD Management Center. It describes how to add systems to be scanned and how to perform individual or group scans with separate parameters.
Contents
- 1. Before You Begin
- 2. Setup Guide
- 2.1. Create a new ESX VM and Mount the ISO
- 2.2. Navigate through the installer
- 2.3. Network Configuration
- 2.4. Choosing a password
- 2.5. Partitioning the Hard Disk
- 2.6. Proxy Configuration
- 2.7. Install the ASGARD Management Center Services
- 2.8. Changing the IP-Address
- 2.9. Change the Command Line Password
- 2.10. Change the Web Password
- 3. Administration
- 3.1. Licensing
- 3.2. System Status
- 3.3. ASGARD Agent Deployment
- 3.4. Asset Management
- 3.5. Asset Query
- 3.6. Asset Migration
- 3.7. Scan Control
- 3.8. Scan a Single System
- 3.9. Scan Groups of Systems
- 3.10. THOR Excludes and False-Positive Filters
- 3.11. Syslog Forwarding
- 3.12. Response Control
- 3.13. Service Control
- 3.14. Sigma
- 3.15. Aurora
- 3.16. LogWatcher Service
- 3.17. Logwatcher Operation
- 3.18. IOC Management
- 3.19. Evidence Collection
- 3.20. Updates
- 3.21. User Management
- 3.22. Additional Settings
- 3.23. Account Settings
- 4. MASTER ASGARD
- 4.1. Hardware Requirements for MASTER ASGARD
- 4.2. License Management
- 4.3. Setting up MASTER ASGARD
- 4.4. Link ASGARD Systems with MASTER ASGARD
- 4.5. Scan Control
- 4.6. Asset Management
- 4.7. IOC Management
- 4.8. Service Control
- 4.9. Evidence Collection
- 4.10. Download Section
- 4.11. Updates
- 4.12. User Management
- 4.13. MASTER ASGARD and Analysis Cockpit
- 4.14. MASTER ASGARD API
- 5. Maintenance
- 6. Advanced Configuration
- 7. Troubleshooting
- 7.1. Diagnostic Pack
- 7.2. Agent Debugging
- 7.3. SSL Interception
- 7.4. Using Hostname instead of FQDN
- 7.5. ASGARD Errors
- 7.6. Resetting TLS/SSL Certificates
- 7.7. Admin User Password Reset
- 7.8. Reset Two Factor Authentication for a specific User
- 7.9. Scheduled Scans do not run at the correct time
- 7.10. Aurora is generating too many False Positives
- 8. Known Issues
- 8.1. AMC#009: agent-access.log is not being rotated
- 8.2. AMC#008: Show Asset Timeline Fails
- 8.3. AMC#007: Sigma Rule Update Fails
- 8.4. AMC#006: Nested LDAP Groups not working
- 8.5. AMC#005: Basename Missing Operand after SSH Login
- 8.6. AMC#004: RPM Packages do not have a compatible architecture
- 8.7. AMC#003: Error on newly installed Management Center
- 8.8. AMC#002: Aurora False Positive Filters Cleared After Saving
- 8.9. AMC#001: API Documentation Curl Examples Not Working
- 9. Appendix