5. MASTER ASGARD
MASTER ASGARD is a single central management console that can control all of your ASGARD systems. It is meant to centrally manage controlled scans on all your ASGARD systems. MASTER ASGARD also provides one central point of management for your Response Playbooks, Evidence Collection and IOC Management. A special license for this is needed.
To install a MASTER ASGARD, you have to choose the command line argument -masterasgard after the installation from our ISO. This has to be a new system; you cannot install a MASTER ASGARD on an existing ASGARD.
After the MASTER ASGARD and later its license have been installed, many functions offer additional options. From that moment onwards, your MASTER ASGARD can use all endpoints connected to your linked ASGARD systems, just like a normal ASGARD.
5.1. Hardware Requirements for MASTER ASGARD
The MASTER ASGARD has the following hardware requirements:
| System Memory | 16 GB |
| Hard Disk | 1 TB |
5.2. License Management
Once you connect your ASGARD Management Centers to your MASTER ASGARD, the licensing sections on connected ASGARD Management Centers become inactive. The local ASGARD license will be replaced with the MASTER ASGARD license. Every ASGARD can issue scanning licenses to assets as long as the total number of scanned servers and workstations does not exceed the number of systems in the MASTER license.
5.3. Setting up MASTER ASGARD
The setup procedure for MASTER ASGARD is identical to the setup procedure for ASGARD Management Center, see Setup Guide.
5.3.1. Default Credentials
| CLI/SSH | nextron | manually set during system installation |
5.5. Scan Control
Scan Control in MASTER ASGARD looks the same as in an ASGARD server. The only difference is that you can select an ASGARD Server or "All ASGARDs" to run the scans on.
5.6. Asset Management
Asset Management in MASTER ASGARD is very similar to the asset management in ASGARD.
The only differences are:
- The ASGARD column shows which ASGARD system the endpoint is connected to
- Only CSV export is allowed (asset labeling via CSV import is unavailable)
5.7. IOC Management
On MASTER ASGARD you can manage IOCs exactly like on ASGARD. The only limitation is that IOCs in MASTER ASGARD and ASGARD are isolated from each other. That means if you want to use the IOCs from MASTER ASGARD, you need to initiate the scan from MASTER ASGARD, and if you want to use the IOCs from ASGARD, you need to initiate the scan from ASGARD. In general, we suggest managing IOCs in MASTER ASGARD for maximum flexibility.
5.8. Service Control
Service Control lists the assets with an installed service controller. An asset is either managed by MASTER ASGARD or its connected ASGARD, not by both. If an asset is managed by MASTER ASGARD, it can still be viewed by the connected ASGARD (and vice versa). If MASTER ASGARD or ASGARD edits the configuration of an asset, it takes over the "leadership" of this asset, no matter which of the two managed it beforehand.
5.9. Evidence Collection
All collected evidence is available in MASTER ASGARD's Evidence Collection section.
5.10. Download Section
The Downloads section of MASTER ASGARD allows you to generate and download Agent Installers on all your connected ASGARDs. This allows for central management of the Installers.
The Updates section contains a tab in which upgrades for ASGARD can be installed.
A third tab named THOR and Signatures gives you an overview of the scanner and signature versions used on all connected ASGARDs.
It is possible to set a certain THOR and Signatures version for each connected ASGARD. However, if automatic updates are configured, this setting only has effect until a new version is downloaded.
Customers use this feature in cases where they want to test a certain THOR version before using it in production. In this use case the ASGARD system that runs the test scans is set to automatic updates, while the ASGARD systems in production use versions that administrators set manually after successful test runs.
5.12. User Management
MASTER ASGARD offers no central user and role management for all connected ASGARD servers. Since MASTER ASGARD and ASGARD allow the use of LDAP for authentication, we believe that complex and centralized user management should be based on LDAP.
5.13. MASTER ASGARD and Analysis Cockpit
It is not possible to link a MASTER ASGARD with an Analysis Cockpit and transmit all scan logs via MASTER ASGARD to a single Analysis Cockpit instance. Each ASGARD has to deliver its logs separately to a connected Analysis Cockpit.
5.14. MASTER ASGARD API
The MASTER ASGARD API is documented in the
section and resembles the API in ASGARD systems.
However, many API endpoints contain a field in which users select the
corresponding ASGARD (via
ID) or all ASGARDs (