11.1. Management Center v3.1
11.1.1. Management Center 3.1.6
Release Date: Wed, 13 Nov 2024 15:00:00 +0100
Type | Description |
---|---|
Bugfix | Fixed a bug that caused the maintenance task 'Move asset to another ASGARD' to fail |
Bugfix | Increased max. size for temporary tables to prevent 'table is full' errors |
Bugfix | Fixed grayed out 'Save' button when creating one-time use playbooks |
Bugfix | Fixed a bug that caused not all asset labels to be applied when accepting a new asset |
Bugfix | Increased the max. size for MAC addresses to prevent 'Data too long for column' errors |
Bugfix | Fixed CSV export of the asset table to include all rows |
Bugfix | Fixed missing 'last seen' column in CSV export of the asset table |
Bugfix | Fixed performance issues in the asset table |
Bugfix | Fixed scheduled group scan's details page showing all group scans |
11.1.2. Management Center 3.1.5
Release Date: Tue, 22 Oct 2024 14:02:00 +0200
Breaking Changes
The ASGARD Agent now also acts as the Service Controller. Existing Service Controller installations will be automatically put into sleep mode. Deployed Aurora Agents will still work as expected.
Highlights
The ASGARD Agent will from now on receive new tasks in real time.
The ASGARD Agent will from now on be able to run multiple tasks in parallel.
With the new real time agent, there will also be a new field 'Status' in the asset table (online/offline).
Added 'Essential Mode' to the ASGARD Agent, including only THOR and Aurora. It's ideal for critical systems where only the basic functionality is needed.
New 'Managed Service' mode that will use an ASGARD Security Center to manage the asset's licenses on a per-tenant basis.
Integrated THOR Thunderstorm into the ASGARD Management Center to scan samples sent from any device within the network.
New agent module 'File Browser' that allows you to browse the file system of the ASGARD Agent.
Features
New agent module 'Sysstats' that allows you to view the system statistics such as CPU, RAM, and disk usage of the ASGARD Agent in real time.
New agent module 'Log' that allows you to view and download the agent's log.
Users can now be forced to use 2FA or change their password on the next login
Bruteforce protection
Users can now be temporarily disabled
Backup and restore via UI
Improvements
IOC rulesets can now be configured to automatically recompile after changes
New configuration option to use THOR for Server licenses for workstations once the THOR for Workstation licenses are exhausted
Added more API endpoints to the API documentation page
Replaced 'Resource Control' for THOR scans with more granular options like RAM and disk limits
Added a new button to relaunch playbooks or scans
Improved interrogate job for macOS and Linux assets, e.g. collect installed software and local users
Improved interrogate job to also collect network interface names and MAC addresses
Status of Master ASGARD now represents the status of the connected ASGARD Management Centers
Created new 'Incoming requests' graphs in the Overview section
Added new stop button to the group scans table, which will also stop all running tasks
Store the used Aurora Agent version in the service table and show if the version is outdated
Added revision numbers to IOC rulesets
Added new delete button to the scheduled group tasks/scans table
Added new edit button to the scheduled group scans table
Improved and migrated the Agent API validators from the ASGARD Gatekeeper
Added new column 'status' to the Sigma rules table
Added new option to automatically remove Sigma rules from a ruleset if the rule's level has been changed and is under the configured level
Added new columns 'failed' and 'successful' to the group tasks/scans table
Added an option in the LDAP settings to use nested groups
UX
Improved charts and statistics in the Overview section
Moved manuals to more prominent position
Made 'not yet valid' licenses in License section visible in the default view
Added ASGARD Query to Service Control section
When update servers are not reachable, the user will now get a link to the IP address list
Max. runtime of '0' has been mistakenly described as 'unlimited' in some places. This has been corrected to '48 hours'
Sigma rule update counter will be hidden in case no Aurora or LogWatcher is used
Added filters to the ASGARD Agent Installers page
When creating new playbooks, the user can now also define all steps in one go
When creating a new playbook task, the user can now also create a new playbook on-the-fly
The IOC Management section has been improved. There is now a new 'IOCs' section that contains all IOCs of all groups. When adding new IOCs, groups can now be added on-the-fly.
Toggle visibility of IPv6 addresses in the asset table
Added role descriptions in the Roles management
Added prompt to several dialogs to confirm the action, e.g. when stopping a group scan
Added auto complete to Asset Labels selection
Improved colors of MISP tags
Improved error messages when linking or synchronizing with Master ASGARD or Analysis Cockpit fails
Enhanced security by preventing API endpoint leaks and using a more secure password hash algorithm
Show 'update available' indicator in the sidebar for the Broker Network
Improved overall usability in the Licensing section
Custom IOCs in scan table are now clickable
Fixed double scrollbar in some sections
Use pretty names instead of raw flags when creating a new THOR scan
Show connectivity status in the Analysis Cockpit settings page
Hide MISP stuff if MISP is not configured
Made the license expiration warning dependent on the license runtime
Security
Changed the authentication for MariaDB to not use SHA-1 based mysql_native_password. Thanks to Ianis BERNARD from NATO Cyber Security Centre (NCSC) for reporting this.
Bugfixes
Fixed wrong file paths and names when collecting nested directories on Windows assets
Fixed 'Started' and 'Duration' columns for THOR scans, especially when the scan has been resumed
Fixed wrong expire date in the license expiration warning
Deletion of Nextron's default Sigma rules returned success even if the deletion failed
Fixed some non-working filters on the Master ASGARD
Fixed description of allowed characters for ASGARD Agent Installer affix
When deleting IOCs, the affected rulesets have not been marked as 'uncompiled changes'
Fixed a race condition during synchronization with ASGARD Analysis Cockpit
Fixed wrong dialog when disconnecting an ASGARD Gatekeeper
Removed directories from the ASGARD Installer page
Fixed some tooltip overlap issues
Prevent creating IOC groups without a name
Fixed a bug where the total count didn't match the actual search result
Fixed a rare case where the THOR scan fails due to a not yet valid license
Fixed some error messages, which were based on the endpoint's system language
Fixed ASGARD Agent Installer repacker to not touch the /usr/share directory
Fixed ASGARD Agent Installer repacker for AIX not working when also using agent obfuscation
Fixed error message when trying to test compilation of custom IOCs
Fixed short delay of first scan start in a group scan in case a rate limit is set
Fixed error message when trying to unlink a MISP
Chore
Wordings
Removed some deprecated playbooks like installation of the Service Controller or uninstalling the ASGARD 1 Agent
Removed obsolete 'fast poll' mode from the ASGARD Agent