ASGARD Management Center Archives - Nextron Systems

Efficient NIS2 Compliance with THOR & ASGARD

Frank Oster — Thu, 13 Mar 2025 09:39:02 +0000

The NIS2 Directive not only expands the scope of cybersecurity regulations but also introduces stricter penalties for non-compliance, including fines and liability risks for management. Unlike its predecessor, NIS2 mandates clear accountability and requires organizations to demonstrate ongoing risk assessments, incident reporting, and security improvements. Failing to prepare in time could lead to operational disruptions and legal consequences. How can businesses efficiently meet these new obligations while enhancing their cyber resilience?

Navigating Regulatory Challenges

Meeting regulatory requirements is becoming increasingly complex for companies. From PCI-DSS, GDPR, BAIT, VAIT, DORA, TISAX to the new NIS2 Directive, organizations must stay informed and prioritize the right security measures.

Especially for mid-sized enterprises, compliance with the NIS2 Directive (EU) 2022/2555 is crucial. Designed to enhance cybersecurity across the EU, the directive requires organizations to implement stronger security controls. The German implementation law, originally scheduled for October 2024, is now expected to take effect in 2025 – making this the ideal time to prepare.

Who Must Comply with the NIS2 Directive?

NIS2 applies to organizations in specific sectors with at least 50 employees or an annual turnover of €10 million. These sectors include:

Critical infrastructure(energy, transport, banking, healthcare, drinking water supply)
Digital service providers(cloud providers, data centers, online marketplaces)
Manufacturing & industrial production(chemicals, machinery, electronics, automotive, food industry)

Key Requirements of the NIS2 Directive

The directive establishes three core requirements for affected organizations:

1. Risk Management and Threat Detection (Article 21 NIS2)

Organizations must implement appropriate measures to minimize cyber risks, including forensic analysis, threat detection, and incident response planning.

How does Nextron support this?

THOR enables deep forensic scans to detect compromised systems, identifying threats such as dual-use tools, web shells, system manipulations, and other indicators of cyberattacks.
Aurora Agent provides real-time endpoint monitoring with Sigma rules, detecting threats such as Cobalt Strike beaconing, LSASS dumping, and suspicious network activity.
ASGARD Management Center streamlines the management of THOR scans and endpoints, offering automated updates and signature management.

2. Incident Reporting and Response (Article 23 NIS2)

Organizations must report cybersecurity incidents that could significantly impact their services to national authorities (in Germany, the BSI – Federal Office for Information Security).

How does Nextron support this?

ASGARD Analysis Cockpit enables automated analysis and prioritization of THOR scan results.
Automatic prioritization of findings facilitates incident response and ensures compliance with reporting obligations to the BSI.

3. Registration and Compliance Documentation (Article 24 NIS2)

Affected organizations must register with the national authority and provide ongoing documentation of their security measures.

How does Nextron support this?

THOR & ASGARD generate detailed reports and log files for compliance audits.
JSON and CSV exports allow seamless integration with SIEM systems and regulatory reporting.

Achieving NIS2 Compliance with Nextron Systems

By utilizing THOR, Aurora, and ASGARD, organizations can:

Identify cyber threats early and mitigate security risks
Document security incidents efficiently and respond quickly
Automate regular security assessments to ensure NIS2 compliance
Analyze incidents centrally and fulfill reporting obligations to authorities

Want to learn more?
Contact us to explore how THOR & ASGARD can be integrated into your cybersecurity strategy.

The post Efficient NIS2 Compliance with THOR & ASGARD appeared first on Nextron Systems.

End-of-Life ASGARD Management Center v2 and Master ASGARD v2

Boris Deibel — Wed, 10 Apr 2024 12:28:14 +0000

Nextron announces the end-of-sale and end-of-life dates for the ASGARD version 2 and Master ASGARD version 2. The last day to order the affected products was February 29, 2024. Customers with active service contracts will continue to receive support as shown until September 30, 2024.

End of Life Announcement Date	The date the document that announces the end-of-sale and end-of-life of a product is distributed to the general public.	23.02.2024
End of Sale Date	The product is no longer for sale after this date.	29.02.2024
End of Software Maintenance	The last date that Nextron may release any final software maintenance releases or bug fixes. After this date, Nextron will no longer develop, repair, maintain, or test the product software.	30.06.2024
Last Date of Support	The last date to receive applicable service and support for the product as entitled by active service contracts or by warranty terms and conditions. After this date, all support services for the product are unavailable, and the product becomes obsolete.	30.09.2024

The post End-of-Life ASGARD Management Center v2 and Master ASGARD v2 appeared first on Nextron Systems.

Announcing the Launch of Management Center v3.0

Boris Deibel — Wed, 21 Feb 2024 10:02:48 +0000

We are pleased to announce the release of ASGARD Management Center v3.0, marking a significant update from version 2.17.2. This latest version introduces key improvements, an upgraded operating system, and advancements in time synchronization and user interface.

Aimed at delivering a more stable and efficient experience, v3.0 is built to better meet the technical needs of our users. Read on for details about what’s new and how these changes can benefit you.

Improvements

Bug Fixes
Addressed and resolved various bugs to improve overall system performance.
UI Enhancements
A fresh, improved look and feel, making the UI more intuitive and user-friendly.
Sync Performance Boost
We’ve enhanced the synchronization between the Analysis Cockpit and Management Center for quicker and more reliable data transfer.

Major Changes

Update Server Switch
The new version uses update-301.nextron-systems.com instead of update3.nextron-systems.com. Please adjust your firewalls to allow connections to the new server.
Operating System Upgrade
We’ve upgraded the underlying Debian operating system, ensuring a more robust and secure environment.
Time Service Transition
Switching from Ntp to timesyncd for time synchronization. It’s simpler to set up and manage.

Stability in Key Areas

API Communication
The API interface remains unchanged for seamless integration.
Agents
Our agents continue functioning smoothly without requiring any re-deployment or updates.

FAQs

How long will you support version 2?
We will provide bug fixes and security updates for version 2 until June 2024.

Is the upgrade to version 3.0 an in-place upgrade?
Yes, the upgrade to version 3.0 doesn’t require a new system. It can be completed in-place by running the upgrade utility from an elevated command line.

How long does the upgrade take?
The upgrade typically takes between 15 to 30 minutes. The Analysis Cockpit will require additional time to synchronize with the new Management Center and may display a “red” status temporarily. This is normal and indicates ongoing synchronization. If this status persists for more than 2 hours, please contact support@nextron-systems.com for assistance.

Will the system reboot during the upgrade process?
Yes, the system will reboot multiple times during the upgrade process. No additional action is required after a reboot; the update will automatically continue until it is complete.

Are there other things to consider before performing the upgrade?

Ensure that there is at least 20% free disk space on your device. For instructions on freeing up space on your Management Center, please refer to this link. The upgrade requires connections to both the old and the new update server.

Is there a problem when using several Management Centers or Master ASGARD with different versions?
Yes, an ASGARD 2.x cannot be controlled via the Master ASGARD 3.x, so it is advisable to upgrade Master ASGARD and Management Center at the same time if possible.

Further Information
For more details, please refer to our manual, which provides comprehensive guidance on all the new features and changes.

The post Announcing the Launch of Management Center v3.0 appeared first on Nextron Systems.

Mjolnir Security: Incident Response Training – Dive Deep into Cybersecurity

Florian Roth — Tue, 26 Sep 2023 13:07:32 +0000

We’re thrilled to announce an exciting collaboration with our esteemed partner, Mjolnir Security. Immerse yourself in their renowned “Blue Team Incident Response Training” taking place from the 23rd to the 26th of October.

This four-day intensive program promises a deep dive into the world of cybersecurity, with sessions spanning 4 hours each day. And don’t worry if you can’t attend live – every session is recorded, ensuring you won’t miss a beat.

Enhance your cybersecurity skills by learning how to craft precise YARA rules. Witness the full prowess of the THOR scanner in action, integrated seamlessly with the ASGARD Management Center – our flagship centralized management platform designed for effortless scan management, advanced incident response capabilities, and much more. Plus, experience firsthand how our Analysis Cockpit can dissect and interpret findings, offering invaluable insights.

Discover the synergy of our enterprise-grade tools and visualize what a comprehensive deployment looks like in real-world scenarios. It’s a hands-on experience not to be missed!

Exclusive Discounts for Our Community:

THOR Lite Subscribers: Enjoy a whopping 30% off on the training fees. Just apply the discount code NextronThorLite at checkout or click here for direct access.
Existing Nextron Customers: We value your trust! Contact us and avail an exclusive 50% discount on the training.
Law Enforcement and Government Agencies: In our commitment to fortifying cybersecurity defenses at all levels, this training is absolutely free for you. Please reach out to us directly for details on how to avail of this offer.

Quick Links:

Register Now
For any queries related to the training, please drop an email at training@mjolnirsecurity.com.

Join us, and let’s elevate our cybersecurity skills together!

The post Mjolnir Security: Incident Response Training – Dive Deep into Cybersecurity appeared first on Nextron Systems.

ASGARD 2.14 Release

Florian Roth — Thu, 03 Nov 2022 12:32:31 +0000

We’ve just released the new ASGARD Management Center version 2.14 with important new features. This blog posts lists the most important changes in dedicated chapters. The whole change log can be found at the end of the article.

Broker Network

The Broker Network allows you to proxy connections to an ASGARD through a so called Broker.

The Broker is a hardened connection proxy that brokers connections to an ASGARD Management Center. Brokers can be exposed to the Internet and allow users to roam between the corporate network and their home network without the need for a permanent VPN connection. They can also load balance connections.

Two more components are required to maintain a Broker Network: a Gatekeeper and a Lobby.

The Gatekeeper is an application layer firewall that filters malformed or unverifiable requests. The Lobby is a dedicated system to manage and accept new request from yet unverified agents.

The use of the new Broker Network and its components is optional and requires a so-called “Broker License”. Please contact us for more details.

ASGARD Query Language

The new ASGARD query language allows to filter the list of assets based on complex conditions.

It can also be used to select targets for scans or other tasks.

Advanced Target Selection

Currently, the target selection only allows the selection of target groups based on their label. All target groups are combined with a logical OR.

The new target selection allows you to include and exclude groups of assets based on their tags.

E.g., you can now create a job that runs on all systems with the tag “linux” and exclude all systems with the tag “munich”. You can also combine them with a logical AND and instruct ASGARD to run tasks only on systems that have e.g. the labels “windows” AND “berlin”.

The result of this change is that you no longer need to label everything you want to select as target.

New Maintenance Tasks

New predefined tasks allow you to reconfigure or move an agent from one ASGARD Management Center to another one.

Other Important Changes and Improvements

Repeated installation of ASGARD agents will not cause duplicate assets
Manual deletion of assets from Asset View
Multiple UI improvements
The new ASGARD agent will not send his agent log via syslog by default anymore. This has to be enabled individually.

Full Change Log

Feature: Broker Network support
Feature: Search and select assets with queries, e.g. ‘hostname ends with “-dev” OR labels = “dev”‘
Feature: Optionally create group tasks with an asset query instead of labels
Feature: The agent config can now be maintained from ASGARD, e.g. change proxy settings
Feature: Move agent to a different ASGARD
Feature: Automatically resume THOR scans that have been terminated due to shutdown signals (e.g. on reboot)
Feature: Added a lot new ASGARD features to Master ASGARD, e.g. manage and download agent installers, manage Broker Network
Feature: Allows to delete assets
Feature: Delete agent installers
Feature: Added diagnostic checks to diagnostic download packs
Feature: Support unix filepath format in playbooks for Windows targets
Feature: Detect assets that run with same key material, e.g. cloned assets
Feature: Forward THOR and Aurora events via rsyslog
Feature: Migrate key material from old agent config on agent re-installation
Feature: Added more columns in some tables, e.g. ‘creator’ in service configurations or ‘active since’ in services
Feature: Download ASGARD users as CSV
Feature: Set description for remote consoles
Feature: New default playbook “Collect Agent Log” (requires an agent update)
Feature: Bulk task / scan creation
Change: Require min. TLS 1.3 for all agent connections. To disable min. TLS 1.3, set “LegacyTLS=1” in the ASGARD config file.
Change: Disable “Add and activate” button for “Add group task”, if “Scheduled start” is set
Change: Allow “–nohtml” flag for THOR
Change: Set scan status to error if THOR scan result does not contain ‘THOR scan finished’ message
Change: Collect stdout/stderr at the end of each playbook step instead of streaming it directly to ASGARD
Change: Automatically set THOR’s max runtime to unlimited and removed THOR’s max runtime argument from THOR flag list
Change: Ignore deprecated sigma rules
Change: Improved compression level of some generated zip files
Change: Allow stop of group tasks without starting it
Change: Improved diagnostics for synchronization with Analysis Cockpit
Change: Disabled syslog debug log on agents by default, added option to agent installer to enable syslog
Change: Added key usage and SAN to self-signed TLS certificate for UI on installation
Bugfix: Security fixes
Bugfix: Fixed missing ‘Default response mode’ in Sigma ruleset details
Bugfix: Fixed some missing Aurora flags
Bugfix: Fixed non-working save button for global Sigma false positive filter list
Bugfix: Fixed NaN when removing the score of an IOC
Bugfix: Fixed a bug in event caching in offline mode of Aurora Agent and LogWatcher
Bugfix: Fixed ‘Windows 11’ detected as ‘Windows 10’
Bugfix: Fixed missing LastLogon date in local users table
Bugfix: Disable deletion of the own user
Bugfix: Added “x86_64” in addition to “amd64” for agent installer rpm packages to support older yum/rpm
Bugfix: Fixed wrong YARA rule count after uploading YARA rules
Bugfix: Fixed “in a few seconds” last seen timestamps that have been caused by either a wrong server or browser clock
Bugfix: Removed some Aurora and Sigma error messages in ASGARD log after fresh installation
Bugfix: Removed a race condition between automatic and manual update checks that may cause corrupt product version numbers
Bugfix: Fixed missing “enabled/disabled service” history entries on ASGARDs that are connected to a Master ASGARD
Bugfix: Fixed corrupt network interfaces search in asset table for new assets that had no interrogate job yet
Bugfix: Fixed a bug in motd config that causes some error messages after a fresh installation
Bugfix: Removed c2 file name prefix from some compiled custom signatures
Bugfix: Fixed non-working obfuscated agent for AIX

The post ASGARD 2.14 Release appeared first on Nextron Systems.

ASGARD v2.13 Release

Florian Roth — Wed, 13 Apr 2022 15:08:13 +0000

Over the last 4 months, we’ve worked on many new UX improvements and the integration of our endpoint agent Aurora. Today, we are glad to announce the release of ASGARD version 2.13.

UX Improvements

We’ve reworked many sections and dialogues with user experience (UX) in mind.

Overall, we’ve made more than 260 changes, reworked complete sections and dialogues and added completely new functions like the new “diagnostics”.

Some of highlights:

Each THOR scan now shows a progress bar that doesn’t only show the state of completion but also the current module and element, the module progress and the amount of time spent on this module. This can help you to identify bottlenecks, issues or elements that should better be excluded from the scan.
All tables now have an option for an auto-refresh, which can be set per user and table (persistent setting by user)
The new diagnostics section helps you to quickly identify connectivity or configuration issues
Export and Import of Scan Templates
Reworked THOR download section, which allows to generate links for the “latest available version” and shows an information on the API endpoint usage
Improved agent installer repackaging options (e.g. repack all outdated installers)
Many dialogues with additional error handling of common user errors

Some of the planned UX improvements are still on the roadmap and will be part of the next update. These include:

More flexible group scan target selection (combine labels with AND instead of OR, filter selection for labels to exclude)
Maintenance section in which users can define clean-up rules for old data (remove old assets, automatically remove old log data etc.)

Scan Progress Bar (Single Scan)

Scan Progress Bar (Group Scan; Collapsed Info)

Auto Refresh Options

System Diagnostics

Background Load Indicators (green line)

Export & Import of Scan Templates

Reworked THOR Download Section (generate link for the latest version, information about the use of the tokens)

Improved Agent Installer Repackaging Options

Aurora Agent Support

This version allows the deployment and management of our Sigma-based endpoint agent.

You can find information about Aurora here.

ASGARD Management Center allows you to:

Manage rules that you want to use
Add false positive filters to rules
Define response actions for certain rules
Manage updates on these rules
Group rules into rule sets
Use rule sets in an Aurora configurations
Assign configurations to groups of end systems
Put all response actions in a configuration into simulation mode
Put single response actions in simulation mode
Manage rules that have been in simulation mode for a certain time
Apply so-called response sets (groups of response actions provided by Nextron) to your rule set
Apply your IOCs or IOCs retrieved from a MISP instance with Aurora

Aurora Agents (Deployed)

Sigma Rule Set Management

Aurora Agent Configurations

More changes in this release

AIX support (beta users only)
Collect THOR log as JSON (optional)
New section “Playbook Files” to manage all files and tools used in playbooks
License expiration warning messages
many more – see the changelog for all details

Upgrade

ASGARD Management Center customers upgrade their instances in “Updates > Management Center”.
Important: Make sure to upgrade Master ASGARD instances before upgrading the connected ASGARDs.

The post ASGARD v2.13 Release appeared first on Nextron Systems.

ASGARD v2.12 Released

Florian Roth — Mon, 24 Jan 2022 17:17:30 +0000

The new ASGARD Management Center version 2.12 adds new features and fixes several issues that were introduced with the version 2.11 in December last year.

Better Sigma Rule Management

We’ve added new features and improved the usability of the sigma rule management section, which is relevant for the released LogWatcher agent and beta customers testing our new Aurora agent.

The most important new features are the false positive and response editor, which allows Aurora customers to configure response actions for a triggering rule.

The false positive filter enables users to add filters that, instead of changing the original rule, extend it during deployment. This makes it easy to use updated rules with the same custom filter values that are only relevant in the user’s environment.

Revised Updates Section

The update section for the scanners and signatures has been revised. Each action has been reworked. Users can now trigger and update manually and check the log of the update process in a separate tab.

Full change log:

– Feature: Support Aurora Agent (Beta Only)
– Feature: Manage Sigma Responses and False Positives (Aurora Only)
– Feature: Enable / Disable Sigma Rules
– Feature: Manually check for THOR and Signature Updates
– Feature: Show log of previous update process
– Feature: Auto Config for Sigma Rulesets (Automatically add new Sigma Rules based on level)
– Feature: The UI now has a lot more indicators for e.g. ‘Asset Requests’, ‘Uncompiled Rulesets’ and more
– Feature: Added more graphs to overview page, e.g. incoming Aurora and Log Watcher events
– Feature: Added bulk update for available Sigma rule updates
– Feature: Added default Sigma Rulesets (if no ruleset has been created yet)
– Feature: Added background routine that removes older and unused THOR / Signature versions
– Feature: Edit Scan Templates
– Feature: Search THOR Flags / Aurora Options
– Feature: Download THOR Zip with target hostname as filename
– Change: Improved Server Status indicators
– Change: Improved licensing
– Change: LDAP users require at least one LDAP role, otherwise they are not authenticated anymore
– Change: Updated Sigma rules
– Change: Cosmetics and UX improvements
– Change: Updated default THOR and Signature auto-update config
– Change: Added more links and password reset help to login page
– Change: Improved usability and feedback in IOC Management section
– Change: Require current password for password change
– Bugfix: Re-added and improved “no labels” filter in assets table
– Bugfix: Re-added resize buttons for Remote Console
– Bugfix: Fixed an issue that causes some API keys to be corrupt
– Bugfix: Fixed non-working ‘Install Service Controller’ playbook on Master ASGARD
– Bugfix: Updated interrogate job to detect ‘Windows 11’ correctly
– Bugfix: Fixed corrupt ‘Is Domain Controller: No’ filter
– Bugfix: Fixed missing default value when editing Sigma or YARA rules in IOC Management
– Bugfix: Fixed non-working “use newer Sigma rule” button
– Bugfix: Fixed CRLF issues in IOC Management for some IOC types
– Bugfix: Fixed some missing MISP iocs in THOR download package
– Bugfix: Fixed permissions on some files that caused backup process of ASGARD config files on Master ASGARD to not work properly
– Bugfix: Fixed encryption issues with custom signatures for THOR Lite
– Bugfix: Fixed missing import in ntp config that causes ntp to not work properly on some ASGARDs
– Bugfix: Fixed tasks that are pending forever due to unknown task module
– Bugfix: Fixed non-working rsyslog reload after monthly logrotation
– Bugfix: Fixed wrong file extension of stdout and stderr file in group task result package

To install the update, visit the “Updates > Management Center” section.

The post ASGARD v2.12 Released appeared first on Nextron Systems.

Product Surveys – Tell us what you think

Florian Roth — Mon, 10 Jan 2022 15:46:08 +0000

We’d like to know your opinion on our products and therefore ask you to participate in our product surveys. Each of them takes between 2 and 5 minutes of your time, depending on how much you’d like to tell us.

THOR Customer Satisfaction Survey

You find the survey here.

ASGARD Customer Satisfaction Survey

You find the survey here.

Analysis Cockpit Customer Satisfaction Survey

You find the survey here.

Public Feature Collection

We also plan to publicly collect feature requests and allow you to up- or downvote requests of other users, comment on them and get informed when a feature has been implemented.

The post Product Surveys – Tell us what you think appeared first on Nextron Systems.

ASGARD: Check your Signature Versions

Christian Burkard — Fri, 17 Dec 2021 14:47:23 +0000

It came to our attention that under certain circumstances, after the upgrade to ASGARD 2.11, some ASGARD instances lost their scheduled task to automatically assign the newest signatures to scan jobs . We advice customers to review their update configuration if they are affected. Go to Updates > Scanners and Signatures. If you are affected the column ‘Automatically use newest version’ shows ‘not configured’.

In order to resolve this issue, you need to schedule a time for signature updates. Use the action button with the clock icon. We recommend an interval of 1 day (see the screenshot).

After you have entered the new schedule, you should see the configured date and interval in the “Automatically use newest revision” column.

The same mechanism is used to configure when new THOR versions should be used for scans. We recommend to use the default, which is also a daily update interval.

The post ASGARD: Check your Signature Versions appeared first on Nextron Systems.

Log4j Evaluations with ASGARD

Florian Roth — Fri, 17 Dec 2021 11:44:38 +0000

We’ve created two ASGARD playbooks that can help you find Log4j libraries affected by CVE-2021-44228 (log4shell) and CVE-2021-45046 in your environment.

Both playbooks can be found in our public Github repository.

We’ve created a playbook named “log4j-analysis” that helps you find instances that use versions of “log4j”. An additional evaluation script can be used to process the ASGARD playbook results and distinguish between affected and unaffected versions.

Another playbook named “log4shell-detector” allows you to run a script provided by our head of research on all Linux systems to detect exploitation attempts in log files.

The results of the evaluation script that processes the results of the “log4j-analysis” playbook look like this.

The post Log4j Evaluations with ASGARD appeared first on Nextron Systems.