3.21. Additional Settings

3.21.1. Rsyslog Forwarding

Rsyslog forwarding can be configured in Settings > System > Rsyslog. To add a forwarding configuration for local log sources, click Add Rsyslog Forwarding.

Rsyslog Forwarding

The following log sources can be forwarded individually:

Available Log Sources

| Log | Description |
|---|---|
| ASGARD Log | Everything related to the ASGARD service, processes, task and scan jobs |
| ASGARD Audit Log | Detailed audit log of all user activity within the system |
| Agent Log | All ASGARD agent activities |
| THOR Log | THOR scan results |
| Thor Log (Realtime) | The THOR (Realtime) logs are the same logs as THOR logs, except that they are collected via UDP syslog instead of HTTPS. To forward THOR logs in real time, you have to configure your scans to forward syslog to ASGARD (see Syslog Forwarding). Make sure the necessary firewall rules are in place to allow the asset to communicate with ASGARD. |
| Aurora Log | Aurora Logs |

3.21.2. TLS Certificate Installation

Instead of using the pre-installed self-signed TLS Certificate, users can upload their own TLS Certificate for ASGARD.

Generate a Certificate Signing Request (CSR)


In order to achieve the best possible compatibility with the most common browsers, we recommend using the system's FQDN in both fields Common Name AND Hostnames.

Please note that generating a CSR on the command line is not supported.

The generated CSR can be used to generate a TLS Certificate. Subsequently, this TLS Certificate can be uploaded in the Settings > TLS section.

Upload a TLS Certificate


Note

Please see Install TLS certificates on ASGARD and MASTER ASGARD for a guide on how to sign the CSR and install it in your ASGARD.
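A check that can be run on the certificate returned by your CA before uploading it, added here as an example and not taken from the ASGARD manual: it verifies that the FQDN appears both as the Common Name and as a SAN DNS entry, as recommended above. The hostname asgard.example.internal, the function names and the self-signed demo certificates are constructed for illustration, and OpenSSL 1.1.1 or newer is assumed.

```shell
# Added example: pre-upload check of a signed certificate (not from the manual).
# Assumes OpenSSL 1.1.1+; hostnames and file names below are constructed.

# cert_cn FILE: print the subject Common Name, lower-cased
cert_cn() {
  openssl x509 -in "$1" -noout -subject -nameopt multiline |
    sed -n 's/^ *commonName *= *//p' | tr 'A-Z' 'a-z'
}

# cert_san_dns FILE: print each subjectAltName DNS entry on its own line
cert_san_dns() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' | tail -n 1 |
    tr ',' '\n' | sed -n 's/^ *DNS://p' | tr 'A-Z' 'a-z'
}

# check_cert FILE FQDN: return 0 only if FQDN is the CN and a SAN DNS entry
check_cert() {
  want=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  rc=0
  if [ "$(cert_cn "$1")" != "$want" ]; then
    echo "FAIL: Common Name is not $want"; rc=1
  fi
  if ! cert_san_dns "$1" | grep -qxF "$want"; then
    echo "FAIL: no SAN DNS entry for $want"; rc=1
  fi
  if [ "$rc" -eq 0 ]; then echo "OK: $want is in CN and SAN"; fi
  return "$rc"
}

# make_demo_cert OUT CN SAN: constructed self-signed certificate, demo only
make_demo_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -keyout "$1.key" \
    -out "$1" -subj "/CN=$2" -addext "subjectAltName=DNS:$3" 2>/dev/null
}

# Demo: one certificate that follows the recommendation, one that does not
tmp=$(mktemp -d)
make_demo_cert "$tmp/good.pem" asgard.example.internal asgard.example.internal
make_demo_cert "$tmp/short.pem" asgard asgard.example.internal
check_cert "$tmp/good.pem" asgard.example.internal
check_cert "$tmp/short.pem" asgard.example.internal || true
rm -rf "$tmp"
```

Run check_cert against the certificate file you received and the FQDN entered in the CSR form; a non-zero exit status means at least one of the two fields does not match.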

3.21.3. Manage Services

The individual ASGARD services can be managed in Settings > System > Services. The services can be stopped or restarted with the respective buttons in the Actions column.

Configuration of Services

Manage Services

3.21.4. NTP Configuration

The current NTP configuration can be found in Settings > System > NTP.

NTP Configuration


You can add or delete NTP servers by adding/changing the values in the text fields. After you are done with your changes, click Save and Restart NTP to save your changes.

3.21.5. Settings for Bifrost

Bifrost allows you to automatically upload suspicious files to your ASGARD during a THOR scan. If an Analysis Cockpit is connected, these files get automatically forwarded to the Analysis Cockpit in order to drop them into a connected Sandbox system. However, the collected files will stay on ASGARD for the amount of time specified in Retention time (0 days represent an indefinite amount of time).

Settings for Bifrost


The collected files can be downloaded in the Evidence Collection section. All files are zip archived and password protected with the password infected.

In order to automatically collect suspicious files, you have to create a scan with Bifrost enabled. Check the Send Suspicious Files to ASGARD option to send samples to the system set as bifrost2Server. Use the placeholder %asgard-host% to use the hostname of your ASGARD instance as the Bifrost server.

Bifrost Options

Scan option for Bifrost

This will collect all files with a score of 60 or higher and make them available for download in ASGARD's Collected Files section.

For details on how to automatically forward to a sandbox system, please refer to the Analysis Cockpit Manual.

3.21.9. Change Proxy Settings

In this dialogue, you can add or modify ASGARD's proxy configuration. Please note that you need to restart the ASGARD service (Tab Services) afterwards.

Change Proxy Settings
