Our compromise assessment scanner THOR is able to apply Sigma rules during the local Eventlog analysis. This can help any customer that has no central SIEM system or performs a live forensic analysis on a system group that does not report to central monitoring. By...
New VALHALLA Web Features
The newest update of our popular YARA rule feed named VALHALLA adds new features to its web interface. The most awaited new feature is a keyword search that allows you to query the database for certain keywords, rule names, reports, MITRE ATT&CK IDs or tags. The...
Web Proxy Event Analysis Cheat Sheet
The "Web Proxy Event Analysis Cheat Sheet" can help SOCs and security analysts classify proxy events (blocks, alerts) and is based on my ideas and many ideas from experts that helped me collect detection ideas for this document. You can download version 1.0 here. We...
The ASGARD manual is now online
The ASGARD manual is available in an online version. So far, documentation has been provided as a PDF file. From version 2.4 of ASGARD onwards, we publish the documentation in an online form. You can find the most recent version here.
Webinar: Mitigating Persistent Threats using Microsoft Defender ATP and THOR
In our recent webinar with Joe Stocker from Patriot Consulting and Matt Soseman from Microsoft, we had the chance to showcase the integration of THOR into Microsoft Defender ATP. You can register and watch the webinar here.
Product Updates Slides – VALHALLA and THOR Cloud
The following slides contain information on changes and new features in several of our products. VALHALLA Product Update and New Features: DOWNLOAD Slide Deck. THOR Cloud Technical Implementation, Roadmap: DOWNLOAD Slide Deck.
Upcoming Master ASGARD v2
In the first week of June, we plan to release Master ASGARD v2. Master ASGARD is an ASGARD version that is able to connect to and control an unlimited number of ASGARD servers. While each ASGARD supports 25,000 connected endpoints, a Master ASGARD server can control...
Upcoming Changes in THOR v10.5
PE Sieve Integration: With the integration of @hasherezade's PE Sieve project, THOR is able to detect and report a variety of process implants like replaced or injected portable executables (process hollowing), injected shellcodes, hooks and in-memory patches....
End-of-Life ASGARD v1 and Master ASGARD v1
Nextron announces the end-of-sale and end-of-life dates for the ASGARD version 1 and Master ASGARD version 1. The last day to order the affected product(s) is May 31, 2020. Customers with active service contracts will continue to receive support as shown until June...
New VALHALLA Features That You Might Have Missed
Rule Info Pages: The new rule info pages allow you to get more information on a certain rule. You can find all the metadata, as well as past rule matches and previous antivirus verdicts. A second tab contains statistics. You can also report false positives that...
THOR 8 and SPARK End-of-Support
With this blog post we would like to inform you that our End-of-Life (EOL) products THOR 8 and SPARK will reach their End-of-Service-Life (EoSL) on the 31st of October 2020. From this day onwards, product and signature updates will not be available anymore. Please...
THOR Lite – Free YARA and IOC Scanner
We are proud to announce the release of THOR Lite. It is a trimmed-down version of THOR v10 with a reduced feature set and the open source signature base used in LOKI and the now obsolete scanner SPARK Core. It uses the completely rewritten code base of THOR v10...