Feature Ideas

  1. AD Authentication with nested groups

    Nested groups don't work for AD authentication. We use this A LOT.

    Philipp W
    #Improvement 👍#ASGARD Management Center

    1

  2. IOC-Upload

    When uploading YARA rules via WebUI, a split would be nice. I have rules.yar with multiple yara-rules in this file. When uploading it to IOC-Management, there will be one column in the ruleset with all yara rules from the file. It would be helpful to split the multiple rules to multiple columns in the WebUI. I don't know what happens if I have one file with different types of yara-rules in it, though.

    Philipp W
    #Improvement 👍#ASGARD Management Center

    0

  3. Start ASGARD Playbooks e.g. collect file/directory from within the Analysis Cockpit

    Today the analysts need to jump a lot between the two servers if an event leads to the download of a file or directory. It would be beneficial if this could be accomplished by just clicking an icon next to the file/directory that triggers the download of that file/directory via ASGARD API on the affected asset. Also it would be nice if the analyst could trigger a playbook like CyLR from within the Cockpit.

    Michael Sepp // BETTA Security G
    #ASGARD Analysis Cockpit#Deal Breaker 💔#Integrations 🔗

    2

  4. Multiple Changes to the Statistics Overview

    I would like to propose several improvements/feature requests to the "Statistics Overview" in the Analysis Cockpit. With the "Statistics Overview" I'm referring to the 8 graphs above the Baseline events in the Analysis Cockpit.

    - Make the values copyable, e.g. by right-click
    - Make the width/height customizable, as some events have more text and are currently cut
    - Make the number of graphs and the number of values per graph customizable
    - Give the ability to "flip" the values, i.e. show the least frequent values instead of most frequent
    - Make the x-axis scale dynamically instead of a fixed logarithmic x-axis
    - Make the position and number of the graphs customizable, i.e. maybe I want two small graphs at the top and one wide graph at the bottom

    Evgen Blohm // S
    #Improvement 👍#ASGARD Analysis Cockpit

    0

  5. Setting to Force 2FA for all accounts

    Please provide a setting on all ASGARD family servers to force users to use/register 2FA

    Michael Sepp // BETTA Security G
    #Improvement 👍#ASGARD Analysis Cockpit#ASGARD Management Center

    0

  6. Modern authentication

    If you could implement modern authentication methods like SAML or MFA, that would be great.

    Philipp W
    #ASGARD Analysis Cockpit#ASGARD Management Center#Integrations 🔗

    1

  7. Filter prioritization process in Cockpit

    The full prioritization process doesn't work. The priority (low, medium, high, very high) does not have an effect on the assignment of events. For example: In ASGARD all incident cases get notified. In ASGARD we have an incident case for log4shell rules. The vulnerability scanner does active checks (exploitation) for log4shell. The destination server writes the request to the log files. THOR detects the pattern and reports it as Incident. We developed a new case with higher priority which detects the exploitation pattern from the vulnerability scanner. This case does not get all events. Our Notification workflow does not work correctly.

    Philipp W
    #ASGARD Analysis Cockpit#Deal Breaker 💔#Bug 🐛

    2

  8. Sorting Events from the Eventlog Module by Event_Time

    Each Event from the module Eventlog contains a field called Event_Time. An example of such values is the following:

        EVENT_TIME: Sun Oct 24 00:58:13 2021

    As the value of the field begins with the name of the day, it is not possible to sort these Events by Event_Time, as they will be sorted alphabetically. By sorting I refer to adding the field Event_Time to the columns in the Analysis Cockpit and sorting there. Please change the format of these Events so that you can sort them chronologically.

    Evgen Blohm // S
    #ASGARD Analysis Cockpit#Bug 🐛

    2

  9. Remote Console Window cannot be resized since ASGARD 2.11.11

    Since version 2.11.11 the buttons to resize the size of the remote console cannot be extended by adding additional rows or columns. This leads to a very tiny viewport to work in. Please add the "Add row" and "Add columns" buttons back to the UI.

    Michael Sepp // BETTA Security G
    #ASGARD Management Center#Bug 🐛

    0

  10. Add "AND NOT" or "AND" Label aggregation options for THOR Group Scans

    Add "AND NOT" or "AND" Label aggregation options for THOR Group Scans via ASGARD instead of the implicit "OR" that is automatically applied.

    AND

    This would ease up label management by a large factor because one could control scans without the need for having tons of labels. Example: if you would like to scan the Windows ("WIN") 2016 ("SRV_2016") servers in France ("COUNTRY_FR") you would need to create an additional label like "COUNTRY_FR_WIN_SERVER_2016". Using existing labels would not work because using the existing labels WIN, SRV2016, COUNTRY_FR would lead to a scan of all assets that have label "COUNTRY_FR" and all assets that have label "SRV_2016" and all assets that have label "WIN" applied.

    AND NOT

    Also it would be helpful to use labels in a scan like "SERVER" AND "WIN" AND NOT "CAR_FACTORY_CONTROL" to exclude groups of assets with certain labels quickly from a scan.

    Michael Sepp // BETTA Security G
    #Improvement 👍#ASGARD Management Center#Deal Breaker 💔

    0

  11. Different Themes in ASGARD, e.g. "Light", "High Contrast"

    The idea is to add different CSS themes in ASGARD Management Center apart from the default dark theme, e.g. "Light", "High Contrast"

    Florian Roth
    #Improvement 👍#ASGARD Management Center#Styling 🎨

    0

  12. Remove more than 1000 Events from Case

    If you want to remove Events from a case, you can at most remove only all selected Events. As you can only select up to 1000 events at a time, you can also only remove 1000 Events per time. As I sometimes have to remove several thousand events from a case, this takes a while. Please make it so you can either select all events that conform to the current query, OR change the drop-down menu to include an option to show all events.

    Evgen Blohm // S
    #Improvement 👍#ASGARD Analysis Cockpit

    0

  13. Download THOR Agent

    The Download of the THOR Agent with custom signatures is not possible. Error message: "Could not generate ioc set ERROR: get compiled custom signature ruleset 0 from database: sql: no rows in result set"

    Philipp W
    #ASGARD Management Center#Deal Breaker 💔#THOR Scanner

    1

  14. Default privileges

    In the current configuration, every group and user has to be under the same Base DN. In complex environments this isn't always the case, so a very generic Base DN has to be used. This results in many more users being able to log in to the web interface. It would be helpful to have no permissions (per default), unless you are listed in any group in LDAP Roles.

    Philipp W
    #Improvement 👍#ASGARD Analysis Cockpit

    1

  15. Multiple E-Mail Recipients

    If there are multiple E-Mail recipients for notifications, it gets displayed as

        Send mail to recipient1@ohb.de
        Send mail to recipient2@ohb.de

    But it gets "rendered" to this:

        To: [recipient1@ohb.de recipient2@ohb.de]

    I got this format from forwarding the e-mail. If you have some advice on how to pin down the problem, I can give a follow-up. Just recipient1@ohb.de gets notifications. So our notification system is not working.

    Philipp W
    #ASGARD Analysis Cockpit#Deal Breaker 💔#Bug 🐛

    0