3.16. Evidence Collection

3.16.1. Collected Evidences

ASGARD provides two forms of collected evidence:

Playbook output (file or memory collection, command output)
Sample quarantine (sent by THOR via Bifrost protocol during the scan)

All collected evidence can be downloaded in the Collected Evidence section.

3.16.2. Bifrost Quarantine

If Bifrost is used with your THOR scans, all collected samples show up here. You will need the "ResponseControl" permission in order to view or download the samples. See section Roles and Rights for details.