Feature Ideas

Trending
  1. Editing filter criteria of cases

    After creating a case it would be helpful to edit the filtering criteria:
    - Add Conditions
    - Refine Conditions
    - Toggle "Assign newly incoming events based on ..."

    Philipp W
    #Improvement 👍 #ASGARD Analysis Cockpit

    1

  2. Setting to Force 2FA for all accounts

    Please provide a setting on all ASGARD family servers to force users to use/register 2FA

    Michael Sepp // BETTA Security G
    #Improvement 👍 #ASGARD Analysis Cockpit #ASGARD Management Center

    1

  3. Start ASGARD Playbooks e.g. collect file/directory from within the Analysis Cockpit

    Today the analysts need to jump a lot between the two servers if an event leads to the download of a file or directory. It would be beneficial if this could be accomplished by just clicking an icon next to the file/directory that triggers the download of that file/directory via ASGARD API on the affected asset. Also it would be nice if the analyst could trigger a playbook like CyLR from within the Cockpit.

    Michael Sepp // BETTA Security G
    #ASGARD Analysis Cockpit #Deal Breaker 💔 #Integrations 🔗

    1

  4. Multiple Changes to the Statistics Overview

    I would like to propose several improvements/feature requests to the "Statistics Overview" in the Analysis Cockpit. With the "Statistics Overview" I'm referring to the 8 graphs above the Baseline events in the Analysis Cockpit.
    - Make the values copyable, e.g. by right-click
    - Make the width/height customizable, as some events have more text and are currently cut
    - Make the number of graphs and the number of values per graph customizable
    - Give the ability to "flip" the values, i.e. show the least frequent values instead of the most frequent
    - Make the x-axis scale dynamically instead of a fixed logarithmic x-axis
    - Make the position and number of the graphs customizable, i.e. maybe I want two small graphs at the top and one wide graph at the bottom

    Evgen Blohm // S
    #Improvement 👍 #ASGARD Analysis Cockpit

    0

  5. Let THOR scan forensic images directly

    It would be awesome, if we could scan forensic images (like E01 or AFF4) directly with the THOR scanner and the --lab command switch. Currently, we mount the image with Arsenal or FTK, but the performance is not so great. Reading the image format natively would make scanning a lot easier (pipelining, error proof, reduce dependencies, etc). Love to hear your comments!

    Matthias T
    #Improvement 👍 #THOR Scanner #Integrations 🔗

    1

  6. Execution path of asgard2_agent

    The installation of the asgard-agent is contrary to CIS Benchmark (Red Hat Enterprise Linux 8):
    The execution path of the asgard is: /var/lib/asgard2-agent/asgard2-agent
    The CIS Benchmark advises to set the -noexec flag for the separate partition of /var.
    Result: The agent is not able to start.
    Please change the execution path for the agent.

    Philipp W
    #Improvement 👍 #Misc 🤷

    0

  7. Another default asgard playbook - print file content

    I keep adding "type $file$" and "cat $file$" playbooks to view the content of txt, ps1, bat and other text files without download. It saves a few clicks compared to the Collect file playbook, speeds up the analysis and reduces the number of LA cases in the security center. Would be nice to have such playbook(s) as part of the default set.

    Albina // BETTA Security G
    #Improvement 👍 #ASGARD Management Center

    1

  8. Reporting: Option to cancel a Reporting Process and Progress Bar

    Tested with Asgard Analysis Cockpit V3.7.4
    Issue: Unfortunately there currently is no option to cancel the creation of a report and the only status update given during the creation is "Running".
    Possible Use-cases: Cancel reports with a wrong configuration or ones that take too long.
    Proposed Improvement: Similar to scan tasks in the Management Center it would be helpful if reporting tasks in the AC had a "Stop" button and ideally a progress bar showing how far along the report creation is.
    Thanks in advance :)

    Marius Genheimer // S
    #Improvement 👍 #ASGARD Analysis Cockpit #Styling 🎨

    0

  9. ASGARD Agent Installer as .MSI File

    To make deployment easier we are seeing more requests from customers for a .msi based ASGENT installer rather than an .exe based installer. Would be nice to have that option.

    Michael Sepp // BETTA Security G
    #Improvement 👍 #ASGARD Management Center #Misc 🤷

    2

  10. Modern authentication

    If you could implement modern authentication methods like SAML or MFA, that would be great.

    Philipp W
    #ASGARD Analysis Cockpit #ASGARD Management Center #Integrations 🔗

    1

  11. Move Events from Case A to Case B

    Often you need to move certain Events from Case A to Case B. Right now the workflow is to delete those Events from Case A and then re-add them to Case B. I would suggest adding a button to each case that moves the selected Events to another desired Case.

    Evgen Blohm // S
    #Improvement 👍 #ASGARD Analysis Cockpit

    0

  12. Filter prioritization process in Cockpit

    The full prioritization process doesn't work. The priority (low, medium, high, very high) does not have an effect on the assignment of events.
    For example: In ASGARD all incident cases get notified. In ASGARD we have an incident case for log4shell rules. The vulnerability scanner does active checks (exploitation) for log4shell. The destination server writes the request to the log files. THOR detects the pattern and reports it as Incident. We developed a new case with higher priority which detects the exploitation pattern from the vulnerability scanner. This case does not get all events. Our Notification workflow does not work correctly.

    Philipp W
    #ASGARD Analysis Cockpit #Deal Breaker 💔 #Bug 🐛

    2

  13. Sorting Events from the Eventlog Module by Event_Time

    Each Event from the module Eventlog contains a field called Event_Time. An example of such values is the following:
    EVENT_TIME: Sun Oct 24 00:58:13 2021
    As the value of the field begins with the name of the day, it is not possible to sort these Events by Event_Time, as they will be sorted alphabetically. By sorting I refer to adding the field Event_Time to the columns in the Analysis Cockpit and sorting there.
    Please change the format of these Events so that you can sort them chronologically.

    Evgen Blohm // S
    #ASGARD Analysis Cockpit #Bug 🐛

    1

  14. Remote Console Window cannot be resized since ASGARD 2.11.11

    Since version 2.11.11 the buttons to resize the size of the remote console cannot be extended by adding additional rows or columns. This leads to a very tiny view port to work in. Please add the "Add row" and "Add columns" buttons back to the UI.

    Michael Sepp // BETTA Security G
    #ASGARD Management Center #Bug 🐛

    0

  15. Add "AND NOT" or "AND" Label aggregation options for THOR Group Scans

    Add "AND NOT" or "AND" Label aggregation options for THOR Group Scans via ASGARD instead of the implicit "OR" that is automatically applied.

    AND
    This would ease up label management by a large factor because one could control scans without the need for having tons of labels. Example: if you would like to scan the Windows ("WIN") 2016 ("SRV_2016") servers in France ("COUNTRY_FR") you would need to create an additional label like "COUNTRY_FR_WIN_SERVER_2016". Using existing labels would not work because using the existing labels WIN, SRV2016, COUNTRY_FR would lead to a scan of all assets that have label "COUNTRY_FR" and all assets that have label "SRV_2016" and all assets that have label "WIN" applied.

    AND NOT
    Also it would be helpful to use labels in a scan like "SERVER" AND "WIN" AND NOT "CAR_FACTORY_CONTROL" to exclude groups of assets with certain labels quickly from a scan.

    Michael Sepp // BETTA Security G
    #Improvement 👍 #ASGARD Management Center #Deal Breaker 💔

    0