3.4. TLS Certificate Installation
Instead of using the pre-installed self-signed TLS Certificate, users should upload their own TLS Certificate for ASGARD. This will avoid browser warnings when navigating to your Analysis Cockpit's web interface.
In order to achieve the best possible compatibility with the most common browsers, we recommend using the system's FQDN in both fields Common Name AND
Navigate to the TLS section via the
You can click Generate CSR to open the following modal.
Please note that generating a CSR on the command line is not supported.
The generated CSR can be used to generate a TLS Certificate. Subsequently, this TLS Certificate can be uploaded in the same section of your Analysis Cockpit.
3.5. Configure LDAP
The LDAP tab in the Users and Roles section lets you configure an LDAP server and define mappings between LDAP groups and roles within the Analysis Cockpit.
3.6. Configure Notifications
As described in Cases and Log Processing, the Analysis Cockpit is able to forward a log line to a SIEM system if that log line was added automatically to a case with the type "Incident".
The Notifications section in the Case Management settings allows you to define custom notifications for event assignments (Event Assignment Notifications). It is recommended to at least configure an Event Assignment Notification for events that get added to existing Incident cases.
Additionally, notifications can be defined for changes to cases (Case Change Notifications), so Level 2 analysts can get notified if a case gets added to their in-queue (e.g., Finished Level 1).
The notification itself can be a syslog message or an email. In order to use email for notifications, you have to set up an email account in the Mail Account Tab. Additionally, webhook support has been added to facilitate interfacing to services like Slack.
The Analysis Cockpit will collect all triggering events and send only one email every 15 minutes. Syslog and Webhooks are triggered in real time for every single event.
Additionally, you can see the notifications in the top right corner (bell icon) and inspect them. You will see all Unread notifications, which can be Acknowledged by selecting one or more notifications and clicking
Unread notifications will show up in the top right status bar of the Cockpit.
3.6.1. Configure Event Assignment Notifications
To configure log notifications, click the Add Event Assignment Notification button in the Notifications section of the Case Management menu. This leads you to a form that allows you to set a name for your notification, the notification type (syslog, email, webhook or notification within the Analysis Cockpit) and the condition that will trigger your notification.
3.6.2. Configure Case Change Notifications
To configure Case Change Notifications, click the Add Case Change Notification button in the Notifications section of the Case Management menu. This leads you to a form that allows you to set a name for your notification, the notification type (syslog, email, webhook or notification within the Analysis Cockpit) and the condition that will trigger your notification.