3.1. Connect to ASGARD Management Center

In order to receive log data from ASGARD Management Center systems, add them in the corresponding section in the system settings.

Settings > Link Products > Management Center

Link ASGARD Management Center

Link ASGARD Management Center

After you have connected the two components, all assets along with additional information from ASGARD will show up in the Assets section of your Analysis Cockpit.

Asset View after a Successful Connection

Asset View after a Successful Connection

3.2. Asset View

In most cases working with the Baselining section and the Cases section can be seen as the best practice approach for setting baselines and dealing with alerts and warnings.

However, in some cases it makes sense to change perspective and rather go for a host centric approach. The Analysis Cockpit will calculate numbers of lines in different case types (Incident, Suspicious, Anomaly, etc.) on a per host basis for a given time frame. Along with information from ASGARD on last scan dates, labels, host availability etc. this gives an entirely different perspective.

By using the "Asset View" you can e.g., easily answer questions like:

  • Which systems appear most often in “Incident” cases?

  • Which systems haven't reported a single event for more than a month?

  • Which Domain Controllers have not been scanned yet?

  • Which systems with IP addresses starting "192.168." appear in "Incident" cases?

In combination with the ASGARD Query and Labels, which are identical to your ASGARD, you can even narrow down the events by system group (e.g., Domain Controllers, or certain locations).

Filtering within the Assets View

Filtering within the Assets view