3.5. TLS Certificate Installation
Instead of using the pre-installed self-signed TLS Certificate, users should upload their own TLS Certificate for ASGARD. This will avoid browser warnings when navigating to your Analysis Cockpit's web interface.
In order to achieve the best possible compatibility with the most common browsers, we recommend using the system's FQDN in both fields, Common Name AND Hostnames.
Navigate to the TLS section via the Settings menu.
You can click Generate CSR to open the following modal.
Hint
Please note that generating a CSR on the command line is not supported.
The generated CSR can be used to generate a TLS Certificate. Subsequently, this TLS Certificate can be uploaded in the same section of your Analysis Cockpit.
3.6. Configure LDAP
The LDAP tab in the Users and Roles section lets you configure an LDAP server and define mappings between LDAP groups and roles within the Analysis Cockpit.
3.7. Configure Notifications
As described in Cases and Log Processing, the Analysis Cockpit can forward a log line to a SIEM system when that log line was added automatically to a case with the type "Incident".
The Notifications section in the Case Management settings allows you to define custom notifications for event assignments (Event Assignment Notifications). It is recommended to at least configure an Event Assignment Notification for events that get added to existing Incident cases.
Additionally, notifications can be defined for changes to cases (Case Change Notifications), so Level 2 analysts can get notified if a case gets added to their in-queue (e.g., Finished Level 1).
The notification itself can be a syslog message or an email. In order to use email for notifications, you have to set up an email account in the Mail Account tab. Additionally, webhook support has been added to facilitate interfacing to services like Slack.
Note
The Analysis Cockpit will collect all triggering events and send only one email every 15 minutes. Syslog and Webhooks are triggered in real time for every single event.
Additionally, you can see the notifications in the top right corner (bell icon) and inspect them. You will see all Unread notifications, which can be Acknowledged by selecting one or more notifications and clicking Acknowledge. Only Unread notifications will show up in the top right status bar of the Cockpit.
3.7.1. Configure Event Assignment Notifications
To configure log notifications, click the Add Event Assignment Notification button in the Notifications section of the Case Management menu. This leads you to a form that allows you to set a name for your notification, the notification type (syslog, email, webhook or notification within the Analysis Cockpit) and the condition that will trigger your notification.
3.7.2. Configure Case Change Notifications
To configure Case Change Notifications, click the Add Case Change Notification button in the Notifications section of the Case Management menu. This leads you to a form that allows setting a name for your notification, the notification type (syslog, email, webhook or notification within the Analysis Cockpit) and the condition that will trigger your notification.