Download the newest version of our Antivirus Event Analysis Cheat Sheet here.

Update 09.09.18 10:30am CET: Thanks to Markus Neis, I've updated version 1.4 and created a version 1.5 just a few hours after my tweet. You can download version 1.5 here.
Feature: SPARK Sample Quarantine via Bifrost
The new SPARK v1.14.16 supports the sample quarantine protocol named Bifrost. With Bifrost you're able to send suspicious samples that THOR or SPARK detect on endpoints directly to a central server for analysis. A Bifrost server is shipped in the form of a Python script...
New Feature: THOR-util and SPARK-Core-util Signature Encryption
The new THOR-util version 1.2.4 supports the encryption of your custom signatures so that you can deploy your own IOC files and YARA rules in an encrypted form. We use a public key in the utilities to encrypt the files for our scanners so that admins, Antivirus...
ASGARD IOC Management
The upcoming ASGARD version 1.5 comes with an IOC management section in which you can manage your own set of IOCs in text files, YARA and Sigma rules. You can then select each of the folders when creating a new scan run with THOR or SPARK. Selecting one of these folders...
THOR Version 8.49.0 Changes
There are a few relevant changes in the upcoming THOR version 8.49.0 that we would like to announce.

Interpreter and Module Upgrades: The integrated Python interpreter will be upgraded to Version 2.7.15. We have also upgraded several modules. All our tests showed no...
SPARK uses Sigma Rules in Eventlog Scan
Sigma is a rule format for threat detection in log files. It is for log data what "Snort rules" are for network traffic or "YARA signatures" are for file data. It is easy to write and read. Writing a Sigma rule is a matter of minutes. On the right you can see a simple...
THOR-Util with HTML Report Generation
The new version of "thor-util" (used with THOR/SPARK) / "spark-core-util" (used with SPARK Core) supports a feature that allows a user to convert any scanner log file into a convenient report: convert THOR / SPARK / SPARK Core scan logs into HTML reports; convert a...
YARA Rule Creation Crackme
I've collected some interesting samples for an internal YARA rule creation training session with our interns. With this blog post, I'll also share 3 new premium feed YARA rules by pushing them to the Open Source signature-base repo. What are the preliminary...
SPARK Core – Free IOC and YARA Scanning
It is done! Our new free scanner SPARK Core has been released. After weeks of planning, development and testing, we're proud to provide the community with a new and powerful multi-platform scanner. SPARK Core is a reduced version of our successful scanner SPARK. The...
Software Problem Solving Cheat Sheet
Take our software problem solving cheat sheet to give your interns, trainees and apprentices guidance while they find their own solutions to common software problems.
THOR Util Replaces THOR-Upgrade
We are currently upgrading our update infrastructure in many different ways. We have added 2 new dedicated update servers - update1 (Karlsruhe, Germany) and update2 (Lenexa, USA). The old update locations will still be supported for a few months but have to be...
ASGARD Management Center version 1.4
Release notification of the ASGARD Management Center version 1.4: We have released version 1.4 for ASGARD. This version has major improvements in usability, flexibility, stability and performance. Plan and run THOR and SPARK scans on up to 10.000 endpoints – with a...