After weeks of planning, development and testing, we’re proud to provide the community with a new and powerful multi-platform scanner.
The main differences from THOR and SPARK are the open source signature base and the reduced set of modules. SPARK Core uses LOKI’s open source “signature-base” instead of the big signature set that is used in THOR and SPARK. It also lacks some of the modules, such as the SHIM cache, Registry, Eventlog and DeepDive modules.
This overview explains how SPARK Core fits in our current scanner portfolio:
- Free scanner for Windows, Linux and macOS
- Precompiled and encrypted open source signature set
- Update utility (spark-core-util) to download tested versions with signature updates
- Documentation
- Custom IOCs and signatures (just add them to the ./custom-signatures/ folder)
- Different output formats: text log, SYSLOG (udp/tcp/tcp+tls), JSON to file, JSON via Syslog
- Scan throttling to limit the CPU usage
All we ask for is a SPARK Core Newsletter subscription, which is a requirement for the automatic license renewal. Each subscriber receives a personal license file that is valid for 1 year and allows them to run SPARK Core on as many systems as they wish.
Support is not guaranteed, but you can submit issues via our GitHub page.
More information and the download can be found on the product page.
We hope that you can use SPARK Core to catch some bad guys.