{"id":6784,"date":"2020-03-02T15:41:25","date_gmt":"2020-03-02T14:41:25","guid":{"rendered":"https:\/\/www.nextron-systems.com\/?p=5381"},"modified":"2022-03-25T14:14:58","modified_gmt":"2022-03-25T13:14:58","slug":"upcoming-asgard-version-2","status":"publish","type":"post","link":"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/","title":{"rendered":"Upcoming ASGARD Version 2"},"content":{"rendered":"<p>[et_pb_section fb_built=&#8221;1&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_row column_structure=&#8221;2_5,3_5&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_column type=&#8221;2_5&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_text _builder_version=&#8221;4.3.4&#8243;]<\/p>\n<p>Over the last five months we&#8217;ve been working on a shiny new version of our ASGARD platform that overcomes previous limitations and includes exciting new features.<\/p>\n<p>ASGARD 2 is a completely rewritten management platform, featuring a new interface, load balancing options, a new lightweight agent, custom response playbooks and greatly improved IOC management.<\/p>\n<p>&nbsp;<\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;3_5&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/02\/Screenshot-2020-02-25-at-14.57.39-1024&#215;833.png&#8221; _builder_version=&#8221;4.4.1&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.3.4&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_text _builder_version=&#8221;4.3.4&#8243;]<\/p>\n<h3>Fundamental Changes<\/h3>\n<ul>\n<li><span style=\"font-size: 18px;\">Easy-to-use GUI and API for response functions (replaces GRR as underlying framework)<\/span><\/li>\n<li>Rewritten agents consume much less memory<\/li>\n<li>New dynamic agent load control allows connecting up to 25,000 endpoints<\/li>\n<li>Predefined and 
custom playbooks<\/li>\n<li>IOC management support for MISP<\/li>\n<li>Remote consoles<\/li>\n<\/ul>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=&#8221;1_3,2_3&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_column type=&#8221;1_3&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_text _builder_version=&#8221;4.3.4&#8243;]<\/p>\n<h3>IOC Management<\/h3>\n<p>The new IOC management allows you to interface with a MISP instance and create rule sets based on filters.<\/p>\n<p>For example, you can search for and select all MISP events containing the keyword &#8220;Emotet&#8221;, create a new rule set from them and\u00a0then select this rule set to be used in a new THOR scan.\u00a0<\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;2_3&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/03\/Screenshot-2020-03-02-at-13.57.24.png&#8221; _builder_version=&#8221;4.4.1&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=&#8221;1_3,2_3&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_column type=&#8221;1_3&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_text _builder_version=&#8221;4.3.4&#8243;]<\/p>\n<h3>Playbooks<\/h3>\n<p>The so-called playbooks allow you to define a set of steps that the agent executes on an end system.\u00a0<\/p>\n<p>Each playbook can have up to 16 independent steps of the types &#8220;Run Command Line&#8221;, &#8220;Download File&#8221; or &#8220;Upload File&#8221;.<\/p>\n<p>It is easy to set up new playbooks that e.g. 
download a certain tool to the endpoints, run it and collect the generated output.\u00a0<\/p>\n<p>Each or all results of playbook executions can be collected via GUI or API.\u00a0<span style=\"font-size: 18px;\">Playbooks can be triggered via API to allow the integration into security orchestration, automation and response (SOAR) solutions.\u00a0<\/span><\/p>\n<p>ASGARD v2 ships with a set of predefined playbooks including:\u00a0<\/p>\n<ul>\n<li>Collect system memory<\/li>\n<li>Collect file or folders<\/li>\n<li>Quarantine endpoint<\/li>\n<li>Collect triage package<\/li>\n<li>Collect process tree\u00a0<\/li>\n<\/ul>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;2_3&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/03\/Screenshot-2020-03-02-at-15.16.32.png&#8221; _builder_version=&#8221;4.4.1&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/03\/Screenshot-2020-03-02-at-14.06.32.png&#8221; _builder_version=&#8221;4.4.1&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row column_structure=&#8221;3_5,2_5&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_column type=&#8221;3_5&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_text _builder_version=&#8221;4.3.4&#8243;]<\/p>\n<h3>Remote Console<\/h3>\n<p>The remote console allows you to open up a web based command line window on any attached end system. This greatly facilitates the analysis of suspicious events. 
Analysts can browse the remote system, review or change settings and\u00a0issue commands.<\/p>\n<p>During the session, you can select files for collection or define certain playbooks to be executed after disconnecting the command line session.<\/p>\n<p>Every session gets recorded for complete traceability.<\/p>\n<p>[\/et_pb_text][\/et_pb_column][et_pb_column type=&#8221;2_5&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_image src=&#8221;https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2020\/03\/Screenshot-2020-03-02-at-13.55.59.png&#8221; _builder_version=&#8221;4.4.1&#8243; hover_enabled=&#8221;0&#8243;][\/et_pb_image][\/et_pb_column][\/et_pb_row][et_pb_row _builder_version=&#8221;4.3.4&#8243;][et_pb_column type=&#8221;4_4&#8243; _builder_version=&#8221;4.3.4&#8243;][et_pb_text _builder_version=&#8221;4.3.4&#8243;]<\/p>\n<h3>Time Schedule<\/h3>\n<p>Beta customers will test drive ASGARD v2 in March and April. We expect a first release in June.<\/p>\n<p>An upgrade guide for ASGARD v1 customers will be provided.\u00a0<\/p>\n<p>[\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over the last five months we&#8217;ve been working on a shiny new version of our ASGARD platform that overcomes previous limitations and includes exciting new features. ASGARD 2 is a completely rewritten management platform, featuring a new interface, load balancing options, a new lightweight agent, custom response playbooks and greatly improved IOC management. &nbsp;Fundamental Changes Easy-to-use GUI and API for response functions (replaces GRR as underlying framework) Rewritten agents consume much less memory New dynamic agent load control allows connecting up to 25,000 endpoints Predefined and custom playbooks IOC management support for MISP Remote consoles IOC Management The new IOC management allows you to interface with a MISP instance and create rule sets based on filters. 
For example, you can search for and select all MISP events containing the keyword &#8220;Emotet&#8221;, create a new rule set from them and\u00a0then select this rule set to be used in a new THOR scan.\u00a0Playbooks The so-called playbooks allow you to define a set of steps that the agent executes on an end system.\u00a0 Each playbook can have up to 16 independent steps of the types &#8220;Run Command Line&#8221;, &#8220;Download File&#8221; or &#8220;Upload File&#8221;. It is easy to set up new playbooks that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[35,46],"tags":[76,244,66,82,119,245,246,217,117,5],"class_list":["post-6784","post","type-post","status-publish","format-standard","hentry","category-asgard-management-center","category-newsletter","tag-asgard","tag-collect-memory","tag-incident-response","tag-ioc","tag-management","tag-misp","tag-playbooks","tag-sandbox","tag-scan","tag-thor"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Upcoming ASGARD Version 2 - Nextron Systems<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/\"},\"author\":{\"name\":\"Florian 
Roth\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\"},\"headline\":\"Upcoming ASGARD Version 2\",\"datePublished\":\"2020-03-02T14:41:25+00:00\",\"dateModified\":\"2022-03-25T13:14:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/\"},\"wordCount\":694,\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"keywords\":[\"asgard\",\"collect memory\",\"incident response\",\"ioc\",\"Management\",\"MISP\",\"playbooks\",\"sandbox\",\"scan\",\"thor\"],\"articleSection\":[\"ASGARD Management Center\",\"Newsletter\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/\",\"url\":\"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/\",\"name\":\"Upcoming ASGARD Version 2 - Nextron Systems\",\"isPartOf\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#website\"},\"datePublished\":\"2020-03-02T14:41:25+00:00\",\"dateModified\":\"2022-03-25T13:14:58+00:00\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/\"]}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.nextron-systems.com\/#website\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"name\":\"Nextron Systems\",\"description\":\"We Detect Hackers\",\"publisher\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.nextron-systems.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.nextron-systems.com\/#organization\",\"name\":\"Nextron Systems 
GmbH\",\"url\":\"https:\/\/www.nextron-systems.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"contentUrl\":\"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png\",\"width\":260,\"height\":260,\"caption\":\"Nextron Systems GmbH\"},\"image\":{\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919\",\"name\":\"Florian Roth\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g\",\"caption\":\"Florian Roth\"},\"description\":\"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.\",\"url\":\"https:\/\/www.nextron-systems.com\/author\/florian\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Upcoming ASGARD Version 2 - Nextron Systems","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/","schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/#article","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/"},"author":{"name":"Florian Roth","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919"},"headline":"Upcoming ASGARD Version 2","datePublished":"2020-03-02T14:41:25+00:00","dateModified":"2022-03-25T13:14:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/"},"wordCount":694,"publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"keywords":["asgard","collect memory","incident response","ioc","Management","MISP","playbooks","sandbox","scan","thor"],"articleSection":["ASGARD Management Center","Newsletter"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/","url":"https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/","name":"Upcoming ASGARD Version 2 - Nextron Systems","isPartOf":{"@id":"https:\/\/www.nextron-systems.com\/#website"},"datePublished":"2020-03-02T14:41:25+00:00","dateModified":"2022-03-25T13:14:58+00:00","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.nextron-systems.com\/2020\/03\/02\/upcoming-asgard-version-2\/"]}]},{"@type":"WebSite","@id":"https:\/\/www.nextron-systems.com\/#website","url":"https:\/\/www.nextron-systems.com\/","name":"Nextron Systems","description":"We Detect 
Hackers","publisher":{"@id":"https:\/\/www.nextron-systems.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.nextron-systems.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.nextron-systems.com\/#organization","name":"Nextron Systems GmbH","url":"https:\/\/www.nextron-systems.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/","url":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","contentUrl":"https:\/\/www.nextron-systems.com\/wp-content\/uploads\/2017\/11\/Nextron_0.2s_inv_symbol_only.png","width":260,"height":260,"caption":"Nextron Systems GmbH"},"image":{"@id":"https:\/\/www.nextron-systems.com\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/4fd503007d60aabaf1ae747502f36919","name":"Florian Roth","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.nextron-systems.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/0dfaa838ce5d82e2e7bfa75ed3f43ae5?s=96&d=mm&r=g","caption":"Florian Roth"},"description":"Florian Roth serves as the Head of Research and Development at Nextron Systems. With a background in IT security since 2000, he has delved deep into nation-state cyber attacks since 2012. Florian has developed the THOR Scanner and actively engages with the community via his Twitter handle @cyb3rops. He has contributed to open-source projects, including 'Sigma', a generic SIEM rule format, and 'LOKI', an open-source scanner. 
Additionally, he has shared valuable resources like a mapping of APT groups and operations and an Antivirus Event Analysis Cheat Sheet.","url":"https:\/\/www.nextron-systems.com\/author\/florian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/6784","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/comments?post=6784"}],"version-history":[{"count":2,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/6784\/revisions"}],"predecessor-version":[{"id":6926,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/posts\/6784\/revisions\/6926"}],"wp:attachment":[{"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/media?parent=6784"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/categories?post=6784"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nextron-systems.com\/wp-json\/wp\/v2\/tags?post=6784"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}