3.1. Connect to ASGARD Management Center
In order to receive log data from ASGARD Management Center systems, add them in the corresponding section in the system settings.
Settings > Link Products > Management Center
After you have connected the two components, all assets along with additional information from ASGARD will show up in the Assets section of your Analysis Cockpit.
3.2. Asset View
In most cases, working with the Baselining section and the Cases section can be seen as the best practice approach for setting baselines and dealing with alerts and warnings.
However, in some cases it makes sense to change perspective and take a host-centric approach instead. The Analysis Cockpit calculates the number of lines in the different case types (Incident, Suspicious, Anomaly, etc.) on a per-host basis for a given time frame. Together with information from ASGARD on last scan dates, labels, host availability, etc., this gives an entirely different perspective.
By using the "Asset View" you can, for example, easily answer questions like:
Which systems appear most often in "Incident" cases?
Which systems haven't reported a single event for more than a month?
Which Domain Controllers have not been scanned yet?
Which systems with IP addresses starting "192.168." appear in "Incident" cases?
In combination with the ASGARD Query and Labels, which are identical to those in your ASGARD, you can even narrow down the events by system group (e.g., Domain Controllers, or certain locations).
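The host-centric questions listed above, worked through over a handful of constructed records. This is an added example, not Analysis Cockpit code or its export format; the field names, hosts, labels and dates are all hypothetical.

```python
from collections import Counter
from datetime import date, timedelta

# Constructed sample data; hypothetical field names, not an Analysis Cockpit export format.
ASSETS = [
    {"host": "dc01", "ip": "10.0.0.5", "labels": {"domain-controller"}, "last_scan": date(2024, 5, 20)},
    {"host": "dc02", "ip": "10.0.0.6", "labels": {"domain-controller"}, "last_scan": None},
    {"host": "ws17", "ip": "192.168.1.17", "labels": {"workstation"}, "last_scan": date(2024, 5, 28)},
    {"host": "ws42", "ip": "192.168.7.42", "labels": {"workstation"}, "last_scan": date(2024, 3, 2)},
]
# One tuple per log line assigned to a case: (host, case type, date reported).
EVENTS = [
    ("ws17", "Incident", date(2024, 5, 28)),
    ("ws17", "Incident", date(2024, 5, 28)),
    ("ws17", "Suspicious", date(2024, 5, 28)),
    ("dc01", "Incident", date(2024, 5, 20)),
    ("dc01", "Anomaly", date(2024, 5, 20)),
    ("ws42", "Anomaly", date(2024, 3, 2)),
]

def per_host_counts(events, start, end):
    """Number of lines per case type for each host within [start, end]."""
    counts = {}
    for host, case_type, day in events:
        if start <= day <= end:
            counts.setdefault(host, Counter())[case_type] += 1
    return counts

def top_hosts(counts, case_type):
    """Hosts with lines in case_type, highest count first (ties by name)."""
    ranked = [(h, c[case_type]) for h, c in counts.items() if c[case_type]]
    return sorted(ranked, key=lambda item: (-item[1], item[0]))

def silent_hosts(assets, events, today, days=30):
    """Known assets that reported no event in the last `days` days."""
    cutoff = today - timedelta(days=days)
    recent = {host for host, _, day in events if day >= cutoff}
    return sorted(a["host"] for a in assets if a["host"] not in recent)

def unscanned(assets, label):
    """Assets carrying `label` that have no last scan date."""
    return sorted(a["host"] for a in assets if label in a["labels"] and a["last_scan"] is None)

def flagged_with_ip_prefix(assets, counts, case_type, prefix):
    """Assets whose IP starts with `prefix` and that have lines in case_type."""
    return sorted(a["host"] for a in assets
                  if a["ip"].startswith(prefix) and counts.get(a["host"], Counter())[case_type])
```

Hosts that exist as assets but have no events at all (dc02 here) only show up when the asset inventory is the starting point, which is why the silent-host check iterates over assets rather than over events.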