{"id":3644,"date":"2018-08-14T13:08:35","date_gmt":"2018-08-14T11:08:35","guid":{"rendered":"http:\/\/nextron.bsk-consulting.de\/?p=3644"},"modified":"2022-03-25T14:15:04","modified_gmt":"2022-03-25T13:15:04","slug":"asgard-ioc-management","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/","title":{"rendered":"ASGARD IOC Management"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;3.22&#8243;][et_pb_row _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; column_structure=&#8221;1_3,2_3&#8243;][et_pb_column type=&#8221;1_3&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text _builder_version=&#8221;3.27.4&#8243;]<\/p>\n<p>The upcoming ASGARD version 1.5 comes with a IOC management section in which you can manage your own set of IOCs in text files, YARA and Sigma rules.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;2_3&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2018\/08\/Screen-Shot-2018-08-10-at-16.10.08.png&#8221; show_in_lightbox=&#8221;on&#8221; align_tablet=&#8221;center&#8221; align_last_edited=&#8221;on|desktop&#8221; _builder_version=&#8221;4.4.2&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; column_structure=&#8221;1_3,2_3&#8243;][et_pb_column type=&#8221;1_3&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text _builder_version=&#8221;3.27.4&#8243;]<\/p>\n<p>You can then select each of the folders when creating a new scan run with THOR or SPARK. Selecting one of these folders will not include the sub folders. <\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;2_3&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2018\/08\/Screen-Shot-2018-08-10-at-18.27.59.png&#8221; show_in_lightbox=&#8221;on&#8221; align_tablet=&#8221;center&#8221; align_last_edited=&#8221;on|desktop&#8221; _builder_version=&#8221;4.4.2&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;3.25&#8243; background_size=&#8221;initial&#8221; background_position=&#8221;top_left&#8221; background_repeat=&#8221;repeat&#8221; column_structure=&#8221;1_3,2_3&#8243;][et_pb_column type=&#8221;1_3&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text _builder_version=&#8221;3.27.4&#8243;]<\/p>\n<p>You can schedule and run scans with different IOC, Sigma and YARA rule sets. You can review the included custom signatures in the scan details.\u00a0 <\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;2_3&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2018\/08\/Screen-Shot-2018-08-10-at-16.22.24.png&#8221; show_in_lightbox=&#8221;on&#8221; align_tablet=&#8221;center&#8221; align_last_edited=&#8221;on|desktop&#8221; _builder_version=&#8221;4.4.2&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;3.25&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;3.25&#8243; custom_padding=&#8221;|||&#8221; custom_padding__hover=&#8221;|||&#8221;][et_pb_text _builder_version=&#8221;3.27.4&#8243;]<\/p>\n<p>The following features are not yet implemented in v1.5 but on the roadmap for ASGARD v1.6:<\/p>\n<ul>\n<li>Signature verification<\/li>\n<li>Exclude the standard rule set (shipped with THOR and SPARK)<\/li>\n<\/ul>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The upcoming ASGARD version 1.5 comes with a IOC management section in which you can manage your own set of IOCs in text files, YARA and Sigma rules.You can then select each of the folders when creating a new scan run with THOR or SPARK. Selecting one of these folders will not include the sub folders. You can schedule and run scans with different IOC, Sigma and YARA rule sets. You can review the included custom signatures in the scan details.\u00a0 The following features are not yet implemented in v1.5 but on the roadmap for ASGARD v1.6: Signature verification Exclude the standard rule set (shipped with THOR and SPARK)<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[35,46,33,32],"tags":[76,121,122,82,119,7,120,48],"class_list":["post-3644","post","type-post","status-publish","format-standard","hentry","category-asgard-management-center","category-newsletter","category-spark","category-thor","tag-asgard","tag-custom","tag-hash","tag-ioc","tag-management","tag-scanner","tag-scans","tag-yara"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ASGARD IOC Management - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/\"},\"author\":{\"name\":\"Florian Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"ASGARD IOC Management\",\"datePublished\":\"2018-08-14T11:08:35+00:00\",\"dateModified\":\"2022-03-25T13:15:04+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/\"},\"wordCount\":422,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"asgard\",\"custom\",\"hash\",\"ioc\",\"Management\",\"scanner\",\"scans\",\"YARA\"],\"articleSection\":[\"ASGARD Management Center\",\"Newsletter\",\"SPARK\",\"THOR\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/\",\"name\":\"ASGARD IOC Management - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2018-08-14T11:08:35+00:00\",\"dateModified\":\"2022-03-25T13:15:04+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"ASGARD IOC Management - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"ASGARD IOC Management","datePublished":"2018-08-14T11:08:35+00:00","dateModified":"2022-03-25T13:15:04+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/"},"wordCount":422,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["asgard","custom","hash","ioc","Management","scanner","scans","YARA"],"articleSection":["ASGARD Management Center","Newsletter","SPARK","THOR"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/","url":"https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/","name":"ASGARD IOC Management - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2018-08-14T11:08:35+00:00","dateModified":"2022-03-25T13:15:04+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2018\/08\/14\/asgard-ioc-management\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/3644","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=3644"}],"version-history":[{"count":6,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/3644\/revisions"}],"predecessor-version":[{"id":7280,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/3644\/revisions\/7280"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=3644"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=3644"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=3644"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}